Release date:
Updated on: 2013-01-31
Affected Systems:
Apple iPhone 4.x
Apple iPhone 3.x
Apple iOS 3.x
Apple iOS 2.x
Apple TV 5.x
Apple TV 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57597
CVE (CAN) ID: CVE-2013-0974
Apple iOS is an operating system developed by Apple.
The StoreKit of Apple iOS does not correctly disable JS in Mobile Safari preferences, allowing remote attackers to bypass access restrictions and execute JavaScript code through a site with the Smart App Banner.
<* Source: Ben Madison
Andrew Plotkin
Marek Durcek
Link: https://support.apple.com/kb/HT5642? Utm_source = feedburner & utm_medium = feed & utm_campaign = Feed % 3A + Cooln
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
Apple has released a Security Bulletin (HT5642) and corresponding patches for this:
HT5642: About the security content of iOS 6.1 Software Update
Link: https://support.apple.com/kb/HT5642? Utm_source = feedburner & utm_medium = feed & utm_campaign = Feed % 3A + Cooln