Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
BID:25853
Info
Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
| Bugtraq ID: | 25853 |
| Class: | Design Error |
| CVE: |
CVE-2007-3759 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 27 2007 12:00AM |
| Updated: | Sep 27 2007 12:00AM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
Apple iPhone 1.0.1 Apple iPhone 1 Apple iPhone 0 |
| Not Vulnerable: |
Apple iPhone 1.1.1 |
Discussion
Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
Apple iPhone Mobile Safari browser is prone to a weakness when disabling JavaScript.
This issue can aid in the success of attacks that rely on JavaScript.
Versions prior to iPhone 1.1.1 are vulnerable.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Apple iPhone Mobile Safari browser is prone to a weakness when disabling JavaScript.
This issue can aid in the success of attacks that rely on JavaScript.
Versions prior to iPhone 1.1.1 are vulnerable.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Exploit / POC
Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
Attackers cannot exploit this issue directly, but it may aid in exploiting other latent vulnerabilities regarding JavaScript in the Mobile Safari browser.
Attackers cannot exploit this issue directly, but it may aid in exploiting other latent vulnerabilities regarding JavaScript in the Mobile Safari browser.
Solution / Fix
Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
Apple iPhone 1
Apple iPhone 1.0.1
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1.0.1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
References
Apple iPhone Mobile Safari Browser JavaScript Execution Weakness
References:
References: