Anton Lopanitsyn

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 11.1 **Description** The issue involves the WebKit component and allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is a cross-site scripting (XSS) vulnerability. **Recommendations** For versions prior to 11.1, update to version 11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 Safari versions prior to 11 iCloud versions prior to 7.0 on Windows **Description** The issue involves the WebKit component and allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. **Recommendations** For iOS versions prior to 11, update to version 11 or later. For Safari versions prior to 11, update to version 11 or later. For iCloud versions prior to 7.0 on Windows, update to version 7.0 or later.