Mihai Chiroiu

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 tvOS versions prior to 10.0.1 watchOS versions prior to 3.1 **Description** The issue involves the `Sandbox Profiles` component, which allows attackers to read audio-recording metadata via a crafted app. This is related to a lack of protection for service data, potentially allowing a remote attacker to access audio recording metadata using a specially created application. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.0.1, update to version 10.0.1 or later. For watchOS versions prior to 3.1, update to version 3.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 tvOS versions prior to 10.0.1 watchOS versions prior to 3.1 **Description** The issue involves the `Sandbox Profiles` component, which allows attackers to read photo-directory metadata via a crafted app. This is related to a lack of protection for service data, potentially allowing a remote attacker to access photo catalog metadata using a specially created application. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later to resolve the issue. For tvOS versions prior to 10.0.1, update to version 10.0.1 or later to resolve the issue. For watchOS versions prior to 3.1, update to version 3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 **Description** The issue involves the `Contacts` component, which does not prevent an app's Address Book access after access revocation. This is related to insufficient access control to the Address Book application, potentially allowing a local attacker to access protected information. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Contacts` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 **Description** The issue concerns the Sandbox Profiles component, which does not properly restrict access to directory metadata for SMS draft directories. This allows attackers to discover text-message recipients via a crafted app. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple watchOS versions prior to 3 **Description** The issue concerns the GeoServices component, which does not properly restrict access to PlaceData information. This allows attackers to discover physical locations via a crafted application. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later to resolve the issue. For Apple watchOS versions prior to 3, update to version 3 or later to resolve the issue.