Check Point Advisories

Update Protection against Apple iPhone Safari 'tel:' URI Handling Remote Denial of Service

Check Point Reference: CPAI-2010-120
Date Published: 25 Mar 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Bugtraq ID: 36386
Industry Reference: CVE-2009-3271
Protection Provided by:
Who is Vulnerable? Apple iPhone 3.0.1
Vulnerability Description: The Safari browser on the Apple iPhone is prone to a denial-of-service vulnerability. By persuading a user to visit a specially crafted Web site containing an overly long tel: URI in an iframe, a remote attacker could exploit this vulnerability to cause the device to crash.
Vulnerability Details: The vulnerability is caused by an error in the Safari Web browser when handling tel: URIs. Attackers can trigger the vulnerability by convincing a user to visit a malicious site, which will then crash the device.
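A content-inspection check for the pattern described above, flagging frame elements whose source is an oversized tel: URI. This is an added example, not Check Point's protection logic. The 64-character limit, the function and class names, and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the advisory gives no exact length. E.164 numbers are at most
# 15 digits, so a tel: URI far beyond that is not a dialable number.
MAX_TEL_URI_LEN = 64
FRAME_TAGS = {"iframe", "frame"}


class TelFrameScanner(HTMLParser):
    """Records frame elements whose src is a tel: URI over the length limit."""

    def __init__(self, limit=MAX_TEL_URI_LEN):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling us.
        if tag not in FRAME_TAGS:
            return
        for name, value in attrs:
            if name != "src" or not value:
                continue
            # Browsers drop tabs/newlines inside a URL and trim the ends,
            # so normalise the same way before checking the scheme.
            uri = re.sub(r"[\t\r\n]", "", value).strip()
            if uri.lower().startswith("tel:") and len(uri) > self.limit:
                line, _col = self.getpos()
                self.findings.append({"tag": tag, "line": line, "length": len(uri)})


def scan_html(markup, limit=MAX_TEL_URI_LEN):
    """Return one finding per frame that carries an oversized tel: URI."""
    scanner = TelFrameScanner(limit)
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not taken from the advisory).
BENIGN_PAGE = ('<html><body><a href="tel:+15551234567">Call us</a>\n'
               '<iframe src="https://example.com/map"></iframe></body></html>')
SUSPECT_PAGE = '<html><body>\n<IFRAME SRC="tel:' + "5" * 200 + '"></IFRAME></body></html>'

if __name__ == "__main__":
    for label, page in (("benign", BENIGN_PAGE), ("suspect", SUSPECT_PAGE)):
        print(label, scan_html(page))
```

Ordinary tel: links in anchors and short tel: frame sources are not reported; tune the limit to the traffic being inspected.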

Protection Overview
