Peter Rutenbar

**Name of the Vulnerable Software and Affected Versions** SQLite versions prior to the version in iOS 8.4 and OS X 10.10.4 iOS versions prior to 8.4 OS X versions prior to 10.10.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a SQL command that triggers an API call with a crafted pointer value in the second argument. This is related to the fts3 tokenizer function in SQLite. **Recommendations** For SQLite, update to a version that is not vulnerable to this issue. For iOS, update to version 8.4 or later. For OS X, update to version 10.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.4 **Description** The issue allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. This is related to the Spotlight feature in Apple OS X. **Recommendations** For versions prior to 10.10.4, update to version 10.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.4 **Description** The issue allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. This is related to the NTFS implementation in Apple OS X. **Recommendations** For versions prior to 10.10.4, update to version 10.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.2.7 Apple Safari versions 7.x prior to 7.1.7 Apple Safari versions 8.x prior to 8.0.7 **Description** The issue is related to the SQLite authorizer in the Storage functionality in WebKit, which does not properly restrict access to SQL functions. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. **Recommendations** For Apple Safari versions prior to 6.2.7, update to version 6.2.7 or later. For Apple Safari versions 7.x prior to 7.1.7, update to version 7.1.7 or later. For Apple Safari versions 8.x prior to 8.0.7, update to version 8.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions 6.2.7 and earlier, 7.x through 7.1.6, and 8.x through 8.0.6 Apple iOS versions prior to 8.4 **Description** The issue allows remote attackers to access an arbitrary web site's database via a crafted web site, due to improper restriction of rename operations on WebSQL tables. **Recommendations** For Apple Safari versions 6.2.7 and earlier, update to version 6.2.7 or later. For Apple Safari 7.x through 7.1.6, update to version 7.1.7 or later. For Apple Safari 8.x through 8.0.6, update to version 8.0.7 or later. For Apple iOS versions prior to 8.4, update to version 8.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4 Apple OS X versions prior to 10.10.4 **Description** The issue allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. This is related to the DiskImages subsystem. **Recommendations** For Apple iOS versions prior to 8.4, update to version 8.4 or later. For Apple OS X versions prior to 10.10.4, update to version 10.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** SQLite versions prior to the version included in Apple iOS 8.4 SQLite versions prior to the version included in Apple OS X 10.10.4 **Description** The issue is related to multiple buffer overflows in the printf functionality in SQLite. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via unspecified vectors. **Recommendations** For SQLite versions used in Apple iOS before 8.4, update to Apple iOS 8.4 or later. For SQLite versions used in Apple OS X before 10.10.4, update to Apple OS X 10.10.4 or later.