Hiromitsu Takagi

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 2.0 on Apple iPhone and iPod touch **Description** The issue misinterprets a menu button press as user confirmation for visiting a web site with a self-signed or invalid certificate. This makes it easier for remote attackers to spoof web sites. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Multiple networking devices (affected versions not specified) **Description** The issue concerns the built-in web servers of multiple networking devices, which fail to set the Secure attribute for sensitive cookies during HTTPS sessions. This could lead to the user agent sending these cookies in plaintext over an HTTP session with the same server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.