Tao (Lenx) Wei

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue exists due to insufficient input validation in the PluginKit component of the iOS operating system. This allows a remote attacker to bypass the app review process and install arbitrary extensions using a specially crafted enterprise app. **Recommendations** For Apple iOS versions prior to 9, update to version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to errors in security settings within the Application Store component. It allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4 **Description** The issue allows attackers to cause a denial of service, specifically an ID collision and launch outage, by utilizing a crafted universal provisioning profile app. This is due to the Application Store in Apple iOS not ensuring the uniqueness of bundle IDs. **Recommendations** For versions prior to 8.4, update to version 8.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4 **Description** The issue allows attackers to cause a denial of service, specifically an ID collision and Watch launch outage, by using a crafted universal provisioning profile app. This is due to the MobileInstallation component not ensuring the uniqueness of Watch bundle IDs. **Recommendations** For versions prior to 8.4, update to version 8.4 or later to resolve the issue.