Jobert Abma

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.5 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.5, update to version 10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a `username`. This can be achieved by manipulating the URL to include malicious script or HTML, potentially leading to unauthorized actions on the affected system. **Recommendations** For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to URLs that contain user-supplied input, such as `username`, to minimize the risk of exploitation.