Apple addresses a vulnerability that exists in the way the iOS sandbox_profiles component handles third party apps. When abused, a malicious app may be allowed to read managed preferences of other apps' installed in the vulnerable iOS device.
This vulnerability exists in several versions of the Windows browser Internet Explorer. The vulnerability lies in the way Internet Explorer accesses objects in memory. Attackers could exploit this vulnerability and allow remote code execution on the vulnerable machine. Attackers looking to take advantage of this vulnerability lures potential victims to click on malicious links in instant messages, email messages, and the like.
Affected versions of Internet Explorer are versions 7 to 11, installed in Windows operating systems from Windows Vista to Windows 10.
This vulnerability assigned with CVE-2015-3842, affects the AudioEffect component found in the mediaserver program. Attackers can run arbitrary code on the device when successfully exploited thus compromising its security. However, attackers need to convince users first to install a malicious app that doesn't require any permission.The said vulnerability affects Android versions 2.3 to 5.1.1.
Trend Micro researcher Wish Wu disclosed details about this vulnerability to Google. The said company acknowledged Wu’s research contribution.
Trend Micro researchers discovered this Android vulnerability that can modify MMS/SMS when exploited successfully. This bug came from “MessageStatusReceiver” service found in AndroidManifest.XML file. Attackers may exploit this via a malicious application to launch privilege escalation attack to the Android security model to change received status and date of SMS/MMS.
Other possible attack scenarios would be for attackers to leverage this vulnerability to modify the conversation or even have users send messages to a premium number without their knowledge.
Trend Micro researchers discovered this Android vulnerability assigned with CVE-2015-3839 that could allow attackers to put malicious messages in the messaging app, thus causing it to crash. In addition, attackers can also perform denial-of-service (DoS) attacks on the messaging app only (and not the whole device). As such, users won’t be able to receive and send text messages to their contacts.
Attackers need to trick users into installing a malicious app in order to download the said bug on their devices.
Microsoft addresses the following vulnerabilities in its batch of patches for August 2015: