Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability

Bugtraq ID:	38994
Class:	Unknown
CVE:	CVE-2010-1177
Remote:	Yes
Local:	No
Published:	Mar 26 2010 12:00AM
Updated:	Apr 13 2015 09:02PM
Credit:	Nishant Das Patnaik
Vulnerable:	Apple iPod Touch 3.1.3 Apple iPod Touch 3.1.2 Apple iPod Touch 3.1.1 Apple iPod Touch 3.0 Apple iPhone 3.1.3 Apple iPhone 3.1.2 Apple iPhone 3.0.1 Apple iPhone 3.1 Apple iPhone 3.0
Not Vulnerable:

Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability

Apple Safari running on iPhone and iPod touch is prone to a remote code-execution vulnerability.

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

Safari on Apple iPhone and iPod touch 3.1.3 and prior are vulnerable.

Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/38994.html

Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability

References:

• Remote DoS on Safari for iPhone & iPod Touch (Nishant Das Patnaik)
  
• Safari Home Page (Apple)