Yair Amit

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2.1 **Description** The issue is related to the WebSheet component in the iOS operating system, which lacks protection for certain internal data. This can be exploited by a remote attacker using a specially crafted captive portal to read or write data in cookies. **Recommendations** For versions prior to 9.2.1, update to version 9.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to captive portals to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 9.0.3 iOS versions prior to 9.2.1 **Description** The issue is related to the Cascading Style Sheets (CSS) implementation, which mishandles the `a:visited button` selector during height processing. This makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. The vulnerability is associated with a lack of protection for internal data, allowing a remote attacker to access browser history using a specially formed web site. **Recommendations** For Safari versions prior to 9.0.3, update to version 9.0.3 or later. For iOS versions prior to 9.2.1, update to version 9.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7.1 Apple TV versions prior to 6.1 **Description** The issue allows attackers to bypass intended configuration-profile visibility requirements via a long name in the Profiles component. **Recommendations** For Apple iOS versions prior to 7.1, update to version 7.1 or later. For Apple TV versions prior to 6.1, update to version 6.1 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 2.3.4 through 3.1 **Description** A cross-application scripting issue exists in the Browser URL loading functionality, allowing local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains. This can be achieved by either causing the maximum number of tabs to be opened and then loading a URI to the targeted domain into the current tab, or by making two `startActivity` function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. **Recommendations** For Android versions 2.3.4 through 3.1, consider restricting access to the Browser URL loading functionality to minimize the risk of exploitation. As a temporary workaround, avoid using the `startActivity` function to load URIs from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Search versions 4.0 **Description** A cross-site scripting (XSS) issue allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result. **Recommendations** For Windows Search version 4.0, update to a newer version to mitigate the risk.