Floyd

**Name of the Vulnerable Software and Affected Versions** Twitter iOS client versions 6.62 through 6.62.1 **Description** The issue allows man-in-the-middle attackers to view an application-only OAuth client token by exploiting the failure to validate Twitter's server certificates for the "/1.1/help/settings.json" configuration endpoint. This could potentially enable unreleased Twitter iOS app features. **Recommendations** For Twitter iOS client versions 6.62 through 6.62.1, consider restricting access to the "/1.1/help/settings.json" endpoint until a patch is available. As a temporary workaround, avoid using the Twitter iOS client for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 4.0.4 **Description** The issue allows remote attackers to cause a denial of service or possibly obtain sensitive information from process memory via crafted width and length values in RLE4 or RLE8 data in a BMP file. This is due to an integer overflow in tools/bmp2tiff.c. **Recommendations** For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of BMP files with RLE4 or RLE8 data to minimize the risk of exploitation.