Pedro Vilaça

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple OS X versions prior to 10.12 **Description** The issue concerns the mishandling of process entitlement and Team ID values in the task port inheritance policy by AppleMobileFileIntegrity. This allows attackers to execute arbitrary code in a privileged context via a crafted app. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For Apple OS X versions prior to 10.12, update to version 10.12 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to insufficient access control in the processor set tasks component of the iOS operating system. It allows a local attacker to bypass existing protection mechanisms and scan ports of random processes. By leveraging root privileges, an attacker can obtain access to the task ports of arbitrary processes. **Recommendations** For Apple iOS versions prior to 9, consider restricting access to the processor set tasks API until a patch is available. As a temporary workaround, limiting the use of root privileges may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac EFI versions before 2015-001 OS X versions prior to 10.10.4 **Description** The issue allows local users to conduct EFI flash attacks by leveraging root privileges, due to the lack of a locking protection mechanism when the system is woken from sleep. **Recommendations** For Apple Mac EFI versions before 2015-001, update to version 2015-001 or later. For OS X versions prior to 10.10.4, update to OS X version 10.10.4 or later.