Joost Pol

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 6.0.1 Apple Safari versions prior to 6.0.2 **Description** A race condition in WebKit allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving JavaScript arrays. This issue was demonstrated at Mobile Pwn2Own, showcasing a remote code execution vulnerability in Apple Safari. **Recommendations** For Apple iOS versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. For Apple Safari versions prior to 6.0.2, update to version 6.0.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.3a and earlier SquirrelMail versions 1.5.1-cvs before 23rd October 2004 Description: A cross-site scripting (XSS) issue exists in the decoding of encoded text in certain headers in mime.php, allowing remote attackers to execute arbitrary web script or HTML. Recommendations: For SquirrelMail versions 1.4.3a and earlier, update to a version later than 1.4.3a. For SquirrelMail versions 1.5.1-cvs before 23rd October 2004, update to a version from 23rd October 2004 or later.