Pedro Tavares

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-825 versions 1.33.0.44ebdd4-embedded and below **Description** The issue is related to a buffer overflow in the jsonrpc service of the D-Link DIR-825 router's firmware, which can be exploited by an attacker to execute arbitrary code or cause a denial of service. This can be achieved via the GetConfig method to the "/CPE" endpoint. **Recommendations** For D-Link DIR-825 versions 1.33.0.44ebdd4-embedded and below, consider disabling the GetConfig method to the /CPE endpoint as a temporary workaround until a patch is available. Restrict access to the jsonrpc service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 **Description** The issue allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard, specifically exploiting the QuickType feature in the Keyboards subsystem. **Recommendations** For versions prior to 8.3, update to version 8.3 or later to resolve the issue.