Jordan Milne

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 10 iTunes versions prior to 12.5.1 on Windows Apple iOS versions prior to 10 **Description** The issue allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. **Recommendations** For Safari versions prior to 10, update to version 10 or later. For iTunes versions prior to 12.5.1 on Windows, update to version 12.5.1 or later. For Apple iOS versions prior to 10, update to version 10 or later.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iOS versions prior to 8.1.3 **Description** The issue allows remote attackers to spoof the UI via a crafted web site, due to improper determination of scrollbar boundaries during the rendering of FRAME elements. **Recommendations** For versions prior to 8.1.3, update to iOS version 8.1.3 or later to resolve the issue.