Macdefender

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.2 **Description** The issue is related to errors in security settings of the System Integrity Protection feature. It may allow a remote attacker to execute arbitrary code in a privileged context using a specially crafted app with root privileges. The problem arises from the mishandling of union mounts. **Recommendations** For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of apps with root privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 **Description** The issue is related to improper validation of keychain item Access Control Lists (ACLs), which can be exploited by attackers using a crafted app to gain access to keychain items. This can potentially allow a remote attacker to obtain access to security keys. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later.