Vulnerability Description
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipod Touch | All versions |
| Apple | Iphone Os | All versions |
| Apple | Safari | All versions |
References
- http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.htmlVendor Advisory
- http://osvdb.org/50029
- http://secunia.com/advisories/32756
- http://support.apple.com/kb/HT3318Vendor Advisory
- http://www.securityfocus.com/bid/32394
- http://www.securitytracker.com/id?1021272
- http://www.vupen.com/english/advisories/2008/3232
- http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.htmlVendor Advisory
- http://osvdb.org/50029
- http://secunia.com/advisories/32756
- http://support.apple.com/kb/HT3318Vendor Advisory
- http://www.securityfocus.com/bid/32394
- http://www.securitytracker.com/id?1021272
- http://www.vupen.com/english/advisories/2008/3232
FAQ
What is CVE-2008-4232?
CVE-2008-4232 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to s...
How severe is CVE-2008-4232?
CVE-2008-4232 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4232?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipod Touch, Apple Iphone Os, Apple Safari.