Roeland Krak

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.3 Apple tvOS versions prior to 9.2.2 **Description** The issue allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. **Recommendations** For Apple iOS versions prior to 9.3.3, update to version 9.3.3 or later. For Apple tvOS versions prior to 9.2.2, update to version 9.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 4.4.4 **Description** The issue is related to a lack of protection for service data in the media server of the Android operating system. This can be exploited by a remote attacker to obtain sensitive information. **Recommendations** For versions prior to 4.4.4, update to version 4.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.3 Safari versions prior to 9.1.2 tvOS versions prior to 9.2.2 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document. **Recommendations** For Apple iOS versions prior to 9.3.3, update to version 9.3.3 or later. For Safari versions prior to 9.1.2, update to version 9.1.2 or later. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later.