James Robinson

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iTunes versions prior to 10.7, update to version 10.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 **Description** A use-after-free issue in WebKit allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via vectors involving HTML document subtrees. **Recommendations** For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** WebKit versions before r50173 Google Chrome versions before 3.0.195.32 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption, by calling the JavaScript `setInterval` method on a web page. This triggers an incompatibility between the `WTF::currentTime` and `base::Time` functions. **Recommendations** For WebKit versions before r50173, update to version r50173 or later. For Google Chrome versions before 3.0.195.32, update to version 3.0.195.32 or later.