Apple iOS Remote Code Execution and Address Bar Urls Spoofing Vulnerabilities

Last Update Date: 8 May 2012 12:40 Release Date: 8 May 2012 5958 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Two vulnerabilities were identified in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  1. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in Safari and direct the target user to a spoofed site with a URL that appears to be a legitimate domain. OS X is not affected.

Impact

  • Remote Code Execution
  • Spoofing

System / Technologies affected

  • iOS version prior to 5.1.1

 

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to iOS version 5.1.1

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apple Mac OS X FileVault Plain Text Password Logging Vulnerability

8 May 2012 5282 Views

Next

Microsoft Word RTF Mismatch Vulnerability

9 May 2012 4968 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY