Apple iOS Remote Code Execution and Address Bar URL Spoofing Vulnerabilities
Last Update Date: 8 May 2012 12:40
Release Date: 8 May 2012
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps

Two vulnerabilities were identified in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.
- A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in Safari and direct the target user to a spoofed site with a URL that appears to be a legitimate domain. OS X is not affected.
Impact
- Remote Code Execution
- Spoofing
System / Technologies affected
- iOS versions prior to 5.1.1
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to iOS version 5.1.1
Vulnerability Identifier
Source
Related Link