Itsecurityguard

**Name of the Vulnerable Software and Affected Versions** Apple iBooks Author versions prior to 2.4.1 **Description** The issue allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 **Description** The issue is related to an XML External Entity (XXE) problem, where an incorrect restriction of XML links to external objects allows a remote attacker to read arbitrary files. This can be achieved by using a specially crafted iBook file that contains references to external XML objects. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later to resolve the issue. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iWork versions prior to 2.6 for iOS Apple Keynote versions prior to 6.6 Apple Pages versions prior to 5.6 Apple Numbers versions prior to 3.6 **Description** The issue allows remote attackers to obtain sensitive information via a crafted document. **Recommendations** For Apple iWork versions prior to 2.6 for iOS, update to version 2.6 or later. For Apple Keynote versions prior to 6.6, update to version 6.6 or later. For Apple Pages versions prior to 5.6, update to version 5.6 or later. For Apple Numbers versions prior to 3.6, update to version 3.6 or later.