Critical Vulnerability Information 1. AppleJPEG Impact: Use of specially crafted JPEG image files may lead to unexpected application termination or process memory corruption. CVE ID: CVE-2015-3728 Fix: Resolved by improving input validation. 2. Baseband Impact: May be exploited in private network locations to intercept network traffic. CVE ID: CVE-2015-3734, CVE-2015-3735, and CVE-2015-3736 Fix: Resolved by improving state management. 3. CoreBluetooth Impact: May allow access to sensitive user data. CVE ID: CVE-2015-3729 Fix: Resolved by improving state management. 4. CoreAudio Impact: File reading may lead to user information leakage. CVE ID: CVE-2015-3730 Fix: Resolved by improving boundary checks. 5. CoreGraphics Impact: Processing specially crafted PDF files may lead to unexpected application termination. CVE ID: CVE-2015-3731 Fix: Resolved by improving memory management. 6. CoreMedia Impact: Processing specially crafted video files may lead to unexpected application termination or process memory corruption. CVE ID: CVE-2015-3733 Fix: Resolved by improving input validation. 7. FaceTime Impact: Interruptions during a call may result in audio being audible after the call is muted. CVE ID: CVE-2015-3735 Fix: Resolved by improving state management. 8. FrontBoard Impact: May allow attackers to enumerate applications installed on the device. CVE ID: CVE-2015-3736 Fix: Resolved by improving permission checks. 9. iCloud Document Sharing Impact: Attackers may be allowed to share documents without authorization. CVE ID: CVE-2015-3737 Fix: Resolved by adding additional encryption checks. 10. ImageIO Impact: Processing specially crafted image files may lead to denial of service. CVE ID: CVE-2015-3738 Fix: Resolved by improving input checks. 11. Kernel Impact: Specially crafted kernel extensions may cause system crashes or allow control over kernel memory. CVE ID: CVE-2015-3739 Fix: Resolved by improving memory handling. 12. libdispatch Impact: May lead to unauthorized code execution. CVE ID: CVE-2015-3740 Fix: Resolved by improving checks. 13. Mail Addressing Impact: Malicious email addresses may lead to user interface spoofing. CVE ID: CVE-2015-3741 Fix: Resolved by improving input validation. 14. nXDNResponder Impact: May allow users to escalate privileges. CVE ID: CVE-2015-3742 Fix: Resolved by improving checks. 15. Notes Impact: Physical access to the device may allow access to notes behind the lock screen. CVE ID: CVE-2015-3743 Fix: Resolved by improving authentication. 16. Pro Res Impact: May allow attackers to cause unexpected system termination. CVE ID: CVE-2015-3744 Fix: Resolved by improving checks. 17. Security Impact: Remote attackers may be able to leak memory. CVE ID: CVE-2015-3745 Fix: Resolved by improving input validation. 18. WebKit Impact: Processing specially crafted web content may lead to memory corruption. CVE ID: CVE-2015-3746 Fix: Resolved by improving memory handling. 19. Additional recognition Acknowledgment: Thanks to researchers and teams who provided various assistance and reported vulnerabilities.