Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

Bugtraq ID:	25851
Class:	Access Validation Error
CVE:	CVE-2007-3761
Remote:	Yes
Local:	No
Published:	Sep 27 2007 12:00AM
Updated:	Sep 27 2007 12:00AM
Credit:	This issue was disclosed by the vendor.
Vulnerable:	Apple iPhone 1.0.1 Apple iPhone 1 Apple iPhone 0
Not Vulnerable:	Apple iPhone 1.1.1

Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

Apple iPhone is prone to a vulnerability that lets attackers bypass the same-origin policy.

Attackers can exploit this issue to execute arbitrary JavaScript in the context of another domain.

Versions prior to iPhone 1.1.1 are vulnerable.

NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.

Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

To exploit this issue, an attacker must entice a victim into visiting a malicious webpage.

Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.


Apple iPhone 0

• Apple iTunesSetup.exe
  http://www.apple.com/itunes/download/iTunesSetup.exe

Apple iPhone 1

• Apple iTunesSetup.exe
  http://www.apple.com/itunes/download/iTunesSetup.exe

Apple iPhone 1.0.1

• Apple iTunesSetup.exe
  http://www.apple.com/itunes/download/iTunesSetup.exe

Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

References:

• About the security content of the iPhone 1.1.1 Update (Apple)
  
• iPhone Product Page (Apple)