Sourav Newatia

**Name of the Vulnerable Software and Affected Versions** Apple Music versions prior to 3.5.0 for Android **Description** The issue allows an attacker in a privileged network position to track a user's activity. This is resolved by using HTTPS when sending information over the network. **Recommendations** For versions prior to 3.5.0, update to Apple Music 3.5.0 for Android to resolve the issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iTunes versions prior to 12.11 for Windows **Description** An information disclosure issue existed in the transition of program state, which could allow a malicious application to access local users' Apple IDs. This issue was addressed with improved state handling. **Recommendations** For versions prior to 12.11, update to iTunes 12.11 for Windows to resolve the issue. As a temporary workaround, consider restricting access to sensitive user information until the update is applied.