Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability

Bugtraq ID:	38992
Class:	Unknown
CVE:	CVE-2010-1180
Remote:	Yes
Local:	No
Published:	Mar 26 2010 12:00AM
Updated:	Apr 13 2015 09:02PM
Credit:	Nishant Das Patnaik
Vulnerable:	Apple iPod Touch 3.1.3 Apple iPod Touch 3.1.2 Apple iPod Touch 3.1.1 Apple iPod Touch 3.0 Apple iPhone 3.1.3 Apple iPhone 3.1.2 Apple iPhone 3.0.1 Apple iPhone 3.1 Apple iPhone 3.0
Not Vulnerable:

Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability

Apple Safari on iPhone and iPod touch is prone to a remote code-execution vulnerability.

Successful exploits can allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

Safari on Apple iPhone and iPod touch 3.1.3 is vulnerable; other versions may also be affected.

Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability

The following proof-of-concept code is available:

• /data/vulnerabilities/exploits/38992.html

Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability

References:

• Bad "throw" exception Remote DoS on Safari for iPhone & iPod Touch (Nishant Das Patnaik)
  
• Safari Home Page (Apple)