CVE-2010-1757 — MEDIUM (6.4)

Q: How severe is CVE-2010-1757?

CVE-2010-1757 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-1757?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch.

Vulnerability Description

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	< 4.0
Apple	Ipod Touch	-

Related Weaknesses (CWE)

CWE-264

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlMailing ListVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://support.apple.com/kb/HT4225Vendor Advisory
http://support.apple.com/kb/HT4456Vendor Advisory
http://www.securityfocus.com/bid/41016Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/41068Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlMailing ListVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory

FAQ

What is CVE-2010-1757?

CVE-2010-1757 is a vulnerability with a CVSS score of 6.4 (MEDIUM). WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user i...

How severe is CVE-2010-1757?

CVE-2010-1757 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1757?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch.