Yongshao

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 Windows 10 Servers **Description** A remote code execution issue exists due to improper handling of URIs by the Windows Shell, allowing remote attackers to execute arbitrary code. This can be achieved through a specially crafted web page. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Windows Server 2016, update to a version that includes the fix for this issue. For Windows 10, apply the necessary patches to resolve the remote code execution vulnerability. For Windows 10 Servers, ensure that all security updates are installed to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to hazardous URIs in Microsoft Edge until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Whale Browser versions prior to 1.3.48.4 **Description** The issue allows an attacker to display a malicious web page with a fake domain name by exploiting the fact that the browser displays only the title of a web page on the address bar when visiting a non-http page, without showing any URL information. **Recommendations** For versions prior to 1.3.48.4, update to version 1.3.48.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Whale Browser versions prior to 1.0.41.8 **Description** The issue allows an attacker to display a malicious web page with a fake domain name by exploiting the browser's behavior of displaying only the title of a web page on the address bar when visiting a blank page, without showing any URL information. **Recommendations** For versions prior to 1.0.41.8, update to version 1.0.41.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 **Description** The issue involves the WebKit component, allowing XSS attacks against Safari. This is due to a lack of protection for the web page structure, which can be exploited by a remote attacker to conduct XSS attacks by injecting malicious code into the Safari browser. **Recommendations** For iOS versions prior to 10.2, update to a version 10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious web pages to minimize the risk of exploitation.