Xiaojing Liao

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 72.0.3626.81 **Description** The issue concerns insufficient protection of permission UI in WebAPKs, allowing an attacker to access privacy and security-sensitive web APIs. This can occur if the user is convinced to install a malicious application. The exploitation enables a remote attacker to gain unauthorized access to information using a specially crafted APK. **Recommendations** For versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.2 tvOS versions prior to 9.1 **Description** The issue is related to improper interaction between Keychain Access and Keychain Agent. This allows attackers to spoof the Keychain Server, potentially enabling remote attackers to substitute the Keychain Server. **Recommendations** For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For tvOS versions prior to 9.1, update to version 9.1 or later.