Skip to main content

Apple iOS Remote Code Execution and Address Bar Urls Spoofing Vulnerabilities

Last Update Date: 8 May 2012 12:40 Release Date: 8 May 2012 6104 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Two vulnerabilities were identified in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  1. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in Safari and direct the target user to a spoofed site with a URL that appears to be a legitimate domain. OS X is not affected.

Impact

  • Remote Code Execution
  • Spoofing

System / Technologies affected

  • iOS version prior to 5.1.1

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to iOS version 5.1.1

Vulnerability Identifier


Source


Related Link