Release date: 2011-10-14
Updated on: 2011-10-14
Affected Systems:
Apple iOS <5
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-3426
MobileSafari is the web browser on Apple's iOS devices.
Apple's MobileSafari has a security vulnerability in its processing of the Content-Disposition header. The content of the attachment is opened without prompting the user. As a result, the attachment has full access to the DOM of the target domain, and attackers can carry out cross-site scripting attacks that expose sensitive information. Attackers usually rely on social engineering or on inserting content into controlled sites.
<* Source: Christian Matthies
Link: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has not currently provided a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://support.apple.com/
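
The description above says the attachment is rendered in the target domain instead of being handled as a download. As an added example (not part of the original advisory or of any vendor code), the Python sketch below audits the headers of a file-download response to see whether it relies on Content-Disposition alone. The finding names, the list of active content types and the sample headers are constructed for illustration.

```python
# Added example: audit a response that serves an uploaded file as a download.
# The policy below is an assumption of this example, not taken from the advisory.

# Media types a browser may render as a document with script access (assumed list).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

# Constructed sample responses (headers only).
WEAK = ('Content-Type: text/html; charset=utf-8\n'
        'Content-Disposition: attachment; filename="report.html"\n')
HARDENED = ('Content-Type: application/octet-stream\n'
            'Content-Disposition: attachment; filename="report.html"\n'
            'X-Content-Type-Options: nosniff\n'
            'Content-Security-Policy: sandbox\n')

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_download_response(raw):
    """Return findings for a response that is meant to be saved, not rendered."""
    h = parse_headers(raw)
    findings = []
    disposition = h.get("content-disposition", "").split(";")[0].strip().lower()
    if disposition != "attachment":
        findings.append("no-attachment-disposition")
    # If a client ignores the disposition, the media type decides how it renders.
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if not media_type or media_type in ACTIVE_TYPES:
        findings.append("active-or-missing-content-type")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing-nosniff")
    # A CSP 'sandbox' directive gives the document a unique origin where supported.
    csp = h.get("content-security-policy", "").split(";")
    directives = [d.strip().lower().split() for d in csp]
    if not any(d and d[0] == "sandbox" for d in directives):
        findings.append("missing-csp-sandbox")
    return findings

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_download_response(raw))
```

Header checks cannot show whether uploads are served from a separate origin that holds no session data, which is the layer that still applies when a client ignores every header above.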