Richard Shupak

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 **Description** The issue concerns the retrieval of exchange rates over an insecure connection. In the affected versions, exchange rates were fetched using HTTP instead of the more secure HTTPS protocol. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later to enable HTTPS for exchange rates.

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2010 version 14.3.452.0 (Service Pack 3 Update Rollup 20) Microsoft Exchange Server 2013 versions 15.0.1395.4 through 15.0.1473.3 Microsoft Exchange Server 2016 versions 15.1.1034.26 through 15.1.1068.10 Description: An information disclosure issue exists due to how URL redirects are handled. This could allow an attacker to discover sensitive information, such as the URL of the user's Outlook Web Access (OWA) service, if the impacted user is using Microsoft Exchange Outlook Web Access (OWA) Light. Recommendations: For Microsoft Exchange Server 2010 version 14.3.452.0, update to a newer version to mitigate the risk. For Microsoft Exchange Server 2013 versions 15.0.1395.4 through 15.0.1473.3, update to a newer version to mitigate the risk. For Microsoft Exchange Server 2016 versions 15.1.1034.26 through 15.1.1068.10, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the OWA Light service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 10 Gold, 1511, 1607, and 1703 Microsoft Windows Server 2016 **Description** The issue is related to errors that occur when loading DLL files, allowing a remote attacker to execute arbitrary code using specially crafted DLL files. This can be achieved through the exploitation of the TRIE component in the Windows operating system. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not specified. **Recommendations** For Microsoft Windows versions 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a version that includes the fix for the TRIE component issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 **Description** The issue involves the `iTunes Store` component and allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP. This can potentially compromise the confidentiality, integrity, and availability of protected information. **Recommendations** For iOS versions prior to 10.3, update to a version 10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `iTunes Store` component to minimize the risk of exploitation. Avoid using cleartext HTTP for sensitive transactions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-12-05 **Description** The issue is related to the GPS component and is caused by insufficient access control. It allows remote attackers to cause a denial of service, specifically a GPS signal-acquisition delay, by using an incorrect `xtra.bin` or `xtra2.bin` file on a spoofed Qualcomm `gpsonextra.net` or `izatcloud.net` host. **Recommendations** For Android versions prior to 2016-12-05, update to a version released after 2016-12-05 to resolve the issue. As a temporary workaround, consider restricting access to the GPS component to minimize the risk of exploitation. Avoid using the `xtra.bin` or `xtra2.bin` files from untrusted sources, especially on spoofed hosts.

**Name of the Vulnerable Software and Affected Versions** libxslt versions prior to those in Apple iOS 9.3.2, OS X 10.11.5, tvOS 9.2.1, and watchOS 2.2.1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. This is due to a buffer overflow in the libxslt library. **Recommendations** For versions prior to those in Apple iOS 9.3.2, update to iOS 9.3.2 or later. For versions prior to OS X 10.11.5, update to OS X 10.11.5 or later. For versions prior to tvOS 9.2.1, update to tvOS 9.2.1 or later. For versions prior to watchOS 2.2.1, update to watchOS 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** MapKit in Apple iOS versions prior to 9.3.2 MapKit in Apple OS X versions prior to 10.11.5 MapKit in Apple watchOS versions prior to 2.2.1 **Description** The issue is related to MapKit not using HTTPS for shared links, allowing remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. This can enable a remote attacker to gain confidential information by listening to network traffic. **Recommendations** For iOS versions prior to 9.3.2, update to version 9.3.2 or later. For OS X versions prior to 10.11.5, update to version 10.11.5 or later. For watchOS versions prior to 2.2.1, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-04-01 **Description** The issue is related to the Autodiscover implementation in Exchange ActiveSync, where the `exchange/eas/EasAutoDiscover.java` function lacks protection of service data. This allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a `GET` request. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-04-01, ensure that updates after 2016-04-01 are applied.