Apple iPhone Safari Unspecified Remote Code Execution Vulnerability

Bugtraq ID:	38957
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Mar 24 2010 12:00AM
Updated:	Mar 24 2010 12:00AM
Credit:	This issue was disclosed by Vincenzo Iozzo and Raif Weinmann during the Pwn2Own 2010 contest as part of the CanSecWest security conference.
Vulnerable:	Apple Safari 4.0.5 Apple Safari 4.0.4 Apple Safari 4.0.3 Apple Safari 4.0.2 Apple Safari 4.0.1 Apple Safari 4 Beta Apple Safari 4
Not Vulnerable:

Apple iPhone Safari Unspecified Remote Code Execution Vulnerability

Apple Safari running on iPhone is prone to an unspecified remote code-execution vulnerability.

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

This vulnerability affects Apple Safari versions running on the iPhone platform; other versions may be vulnerable as well.

Apple iPhone Safari Unspecified Remote Code Execution Vulnerability

The researcher responsible for discovering this issue has developed exploit code to trigger this vulnerability. This exploit code is not known to be publicly available.

Apple iPhone Safari Unspecified Remote Code Execution Vulnerability

References:

• Apple iPhone, Microsoft IE 8 get hacked in Pwn2Own contest (TechTarget)
  
• iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest (cnet)
  
• Pwn2Own 2010 (TippingPoint)
  
• Safari Home Page (Apple)