Apple · WebKit · CVE-2008-6059
**Name of the Vulnerable Software and Affected Versions**
WebKit before r38566
**Description**
The issue allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, due to improper restriction of access to the Set-Cookie and Set-Cookie2 HTTP response headers. This is related to the HTTPOnly protection mechanism.
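The restriction the description refers to can be modelled as a filter between the raw response headers and what script is allowed to read. The following is an added example, not WebKit's code: the helper names `parseHeaders`, `filterResponseHeaders` and `getResponseHeader` and the sample headers are constructed for illustration.

```javascript
// Added example: models the header filtering an XMLHttpRequest implementation
// applies so that script cannot read cookie-setting response headers.
// Helper names are hypothetical; this is not WebKit source code.

const FORBIDDEN_RESPONSE_HEADERS = new Set(["set-cookie", "set-cookie2"]);

// Parse a raw header block into [name, value] pairs, preserving order.
function parseHeaders(raw) {
  const pairs = [];
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // skip blank lines and lines without a header name
    pairs.push([line.slice(0, idx).trim(), line.slice(idx + 1).trim()]);
  }
  return pairs;
}

// Stand-in for getAllResponseHeaders(): every header except the forbidden names.
function filterResponseHeaders(raw) {
  return parseHeaders(raw)
    .filter(([name]) => !FORBIDDEN_RESPONSE_HEADERS.has(name.toLowerCase()))
    .map(([name, value]) => `${name}: ${value}`)
    .join("\r\n");
}

// Stand-in for getResponseHeader(name): null for forbidden names,
// compared case-insensitively so "SET-COOKIE2" cannot slip through.
function getResponseHeader(raw, name) {
  const wanted = name.trim().toLowerCase();
  if (FORBIDDEN_RESPONSE_HEADERS.has(wanted)) return null;
  const values = parseHeaders(raw)
    .filter(([n]) => n.toLowerCase() === wanted)
    .map(([, v]) => v);
  return values.length ? values.join(", ") : null;
}

// Constructed sample response headers (not captured from a real server).
const SAMPLE = [
  "Content-Type: text/html",
  "Set-Cookie: session=EXAMPLE; HttpOnly",
  "SET-COOKIE2: legacy=EXAMPLE; Version=1",
  "Cache-Control: no-store",
].join("\r\n");

console.log(filterResponseHeaders(SAMPLE));
```

The same assertions can serve as a regression check against a browser build: request a same-origin page that sets an HttpOnly cookie and confirm that neither header accessor returns the cookie value.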
**Recommendations**
For WebKit before r38566, update to a version after r38566 to resolve the issue.