Panguteam

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 8.4.1 OS X versions prior to 10.10.5 **Description** The issue is related to the lack of protection for system data in iOS and Mac OS X. It can be exploited by a remote attacker using a specially crafted application to gain access to protected information. The kernel does not properly restrict the mach port space info interface, allowing attackers to obtain sensitive memory-layout information. **Recommendations** For iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue. For OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.1.1 **Description** The issue is related to the improper implementation of the debugserver sandbox in the Sandbox Profiles subsystem. This allows attackers to bypass intended binary-execution restrictions by running a crafted application during a time period when debugging is not enabled. **Recommendations** For versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** dyld in Apple iOS versions prior to 8.1.1 dyld in Apple TV versions prior to 7.0.2 **Description** The issue allows local users to bypass intended code-signing restrictions by using a crafted file that takes advantage of improper handling of overlapping segments in Mach-O executable files. **Recommendations** For Apple iOS versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue. For Apple TV versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.1.1 Apple TV versions prior to 7.0.2 **Description** The issue is related to the improper validation of IOSharedDataQueue object metadata in the kernel. This allows attackers to execute arbitrary code in a privileged context via a crafted application. **Recommendations** For Apple iOS versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue. For Apple TV versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.1.1 **Description** The issue allows physically proximate attackers to bypass the lock-screen protection mechanism. This can lead to viewing or transmitting a Photo Library photo via the FaceTime "Leave a Message" feature. **Recommendations** For versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8 Apple TV versions prior to 7 **Description** The issue is related to the improper initialization of kernel memory in IOKit. This allows attackers to obtain sensitive memory-content information by making crafted IOKit function calls through an application. **Recommendations** For Apple iOS versions prior to 8, update to version 8 or later to resolve the issue. For Apple TV versions prior to 7, update to version 7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8 Apple TV versions prior to 7 **Description** The issue is related to improper validation of IODataQueue object metadata in IOKit. This allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields. **Recommendations** For Apple iOS versions prior to 8, update to version 8 or later. For Apple TV versions prior to 7, update to version 7 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8 Apple TV versions prior to 7 **Description** The issue is related to the IOHIDFamily kernel extension, which lacks proper bounds checking on write operations. This allows attackers to execute arbitrary code in the kernel's context via a crafted application. **Recommendations** For Apple iOS versions prior to 8, update to version 8 or later to resolve the issue. For Apple TV versions prior to 7, update to version 7 or later to resolve the issue.