Jerry Decime

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12 tvOS versions prior to 12 watchOS versions prior to 5 **Description** An input validation issue was addressed with improved input validation. **Recommendations** For iOS versions prior to 12, update to iOS 12 or later. For tvOS versions prior to 12, update to tvOS 12 or later. For watchOS versions prior to 5, update to watchOS 5 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 9.3.3 tvOS versions prior to 9.2.2 OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004 **Description** A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. **Recommendations** For iOS versions prior to 9.3.3, update to version 9.3.3 or later. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later. For OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004, update to version 10.11.6 and apply Security Update 2016-004.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 9.3.3 tvOS versions prior to 9.2.2 OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004 **Description** A validation issue existed in the parsing of 407 responses, which was addressed through improved response validation. **Recommendations** For iOS versions prior to 9.3.3, update to version 9.3.3 or later. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later. For OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004, update to version 10.11.6 and apply Security Update 2016-004.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 9.3.3 tvOS versions prior to 9.2.2 OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004 **Description** The issue concerns proxy authentication, where HTTP proxies incorrectly reported receiving credentials securely. This was addressed through improved warnings. **Recommendations** For iOS versions prior to 9.3.3, update to version 9.3.3 or later. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later. For OS X El Capitan versions prior to 10.11.6 and Security Update 2016-004, update to version 10.11.6 and apply Security Update 2016-004.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the `iBooks` component and allows man-in-the-middle attackers to spoof a password prompt. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.2 Apple tvOS versions prior to 11.2 **Description** The issue involves the `App Store` component and allows man-in-the-middle attackers to spoof password prompts. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For tvOS versions prior to 11.2, update to version 11.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 Safari versions prior to 11.0.2 iCloud versions prior to 7.2 on Windows iTunes versions prior to 12.7.2 on Windows tvOS versions prior to 11.2 watchOS versions prior to 4.2 **Description** The issue involves the WebKit component and allows remote attackers to spoof user-interface information about whether the entire content is derived from a valid TLS session via a crafted web site that sends a 401 Unauthorized redirect. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For Safari versions prior to 11.0.2, update to version 11.0.2 or later. For iCloud versions prior to 7.2 on Windows, update to version 7.2 or later. For iTunes versions prior to 12.7.2 on Windows, update to version 12.7.2 or later. For tvOS versions prior to 11.2, update to version 11.2 or later. For watchOS versions prior to 4.2, update to version 4.2 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 58 Description: The issue is related to an authentication error in Mozilla Firefox when handling HTTP requests. This can lead to user confusion about the origin of an authentication request, potentially causing users to send private credentials to a third-party site. The problem arises when an HTTP authentication prompt is triggered by a background network request and is displayed over the currently loaded page, making it difficult for users to identify the real domain making the request. Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider being cautious when encountering HTTP authentication prompts, especially if they appear over a foreground page, and verify the domain making the request to avoid sending credentials to unauthorized sites.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 macOS versions prior to 10.12.1 tvOS versions prior to 10.0.1 **Description** The issue involves the `CFNetwork Proxies` component, allowing man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. It is related to errors in security settings, which can be exploited by a remote attacker to gain confidential information. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later. For macOS versions prior to 10.12.1, update to version 10.12.1 or later. For tvOS versions prior to 10.0.1, update to version 10.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-685 router (affected versions not specified) **Description** The issue concerns the D-Link DIR-685 router, which fails to maintain an encrypted wireless network when handling a large amount of network traffic under certain WPA and WPA2 configurations. This allows remote attackers to intercept sensitive information or bypass authentication using a Wi-Fi device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.