Zhiyong Feng

**Name of the Vulnerable Software and Affected Versions** Whale Browser versions prior to 1.3.48.4 **Description** The issue allows an attacker to display a malicious web page with a fake domain name by exploiting the fact that the browser displays only the title of a web page on the address bar when visiting a non-http page, without showing any URL information. **Recommendations** For versions prior to 1.3.48.4, update to version 1.3.48.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Whale Browser versions prior to 1.0.41.8 **Description** The issue allows an attacker to display a malicious web page with a fake domain name by exploiting the browser's behavior of displaying only the title of a web page on the address bar when visiting a blank page, without showing any URL information. **Recommendations** For versions prior to 1.0.41.8, update to version 1.0.41.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 **Description** The issue involves the WebKit component, allowing XSS attacks against Safari. This is due to a lack of protection for the web page structure, which can be exploited by a remote attacker to conduct XSS attacks by injecting malicious code into the Safari browser. **Recommendations** For iOS versions prior to 10.2, update to a version 10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious web pages to minimize the risk of exploitation.