For compatibility reasons with Citrix Self-Service, the Citrix Workspace App in OS 11.09.110 uses older Webkit that suffers from these vulnerabilities. However, the risk is mitigated by the fact that Citrix Self-Service does not open arbitrary web pages, but only pages from the customer’s Citrix infrastructure. The rest of the system uses the updated Webkit with the security fixes.