Thomas Adams

**Name of the Vulnerable Software and Affected Versions** Apple iPhone OS versions 1.0 through 2.2.1 Apple iPhone OS for iPod touch versions 1.1 through 2.2.1 **Description** The issue concerns the Mail component, which does not offer an option to disable remote image loading in HTML emails. This allows remote attackers to determine the device's address and when an email is read by sending an HTML email that contains an image URL. **Recommendations** For Apple iPhone OS versions 1.0 through 2.2.1, consider disabling HTML email rendering until a fix is available. For Apple iPhone OS for iPod touch versions 1.1 through 2.2.1, consider disabling HTML email rendering until a fix is available.

**Name of the Vulnerable Software and Affected Versions** CA Unicenter Management Portal versions 2.0 through 3.1 **Description** The issue concerns the "Forgot your Password" link, which displays different error messages for existing and non-existing users. This could allow remote attackers to guess valid usernames. **Recommendations** For CA Unicenter Management Portal versions 2.0 through 3.1, consider modifying the error messages displayed by the "Forgot your Password" link to be generic, avoiding the disclosure of username existence. As a temporary workaround, restrict access to the "Forgot your Password" link until a more permanent solution is implemented.