Xmlsoft · Libxml2 · CVE-2015-8035
**Name of the Vulnerable Software and Affected Versions**
libxml2 version 2.9.1
**Description**
The issue is in the xz_decomp function in xzlib.c, which does not properly handle compression errors. An attacker who supplies crafted XML data can cause a denial of service in the form of a process hang. The vulnerability is also classified as a resource management error.
**Recommendations**
For libxml2 version 2.9.1, consider updating to a newer version that addresses the issue in the xz_decomp function. As a temporary workaround, restrict the processing of XML data from untrusted sources, which may be crafted, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.