BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


iOS Safari text/plain Cross-Site Scripting Vulnerability

Disclosed April 26, 2013 | Fully Patched

Vulnerability Description:

Mobile Safari does not properly evaluate the text/plain Content-Type. Instead, it decides how to display a page based on the page's elements. As a result, pages that would normally be rendered as plain text (served with Content-Type: text/plain) could be rendered as HTML. This allows an attacker to execute arbitrary JavaScript code within the context of the current user.
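For site operators, the following added example (not part of the BeyondTrust entry) audits HTTP responses for the exposure described above: a text/plain body carrying markup that would become active if a client rendered it as HTML. The header checks (nosniff, attachment disposition) are general defense-in-depth assumptions; this page does not state whether they change the behaviour of the affected Mobile Safari versions, and the sample responses are constructed.

```python
import re

# Markup that becomes active if a text/plain body is rendered as HTML.
ACTIVE_MARKUP = re.compile(
    r"<\s*(?:script|iframe|object|embed|svg)\b|<[a-z][^>]*\son[a-z]+\s*=",
    re.IGNORECASE,
)


def media_type(content_type):
    """Lowercased media type without parameters such as charset."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def audit_response(headers, body):
    """Findings for one response; headers is a dict, body is decoded text."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if media_type(h.get("content-type")) != "text/plain":
        return []  # only text/plain responses are in scope
    if not ACTIVE_MARKUP.search(body):
        return []  # nothing a client could interpret as active HTML
    findings = ["text/plain body contains HTML-like markup"]
    if h.get("x-content-type-options") != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if not h.get("content-disposition", "").startswith("attachment"):
        findings.append("not served as an attachment")
    return findings


# Constructed sample responses (hypothetical paths, not captured traffic).
SAMPLES = {
    "/paste/1": ({"Content-Type": "text/plain; charset=utf-8"},
                 "hello <b>world</b> <script>track()</script>"),
    "/paste/2": ({"content-type": "text/plain",
                  "X-Content-Type-Options": "nosniff",
                  "Content-Disposition": "attachment; filename=p.txt"},
                 "<img src=x onerror=log()>"),
    "/paste/3": ({"Content-Type": "text/plain"}, "2 < 3 and 5 > 4"),
    "/page": ({"Content-Type": "text/html"}, "<script>ok()</script>"),
}


def audit_all(samples):
    """Map each path to its list of findings (empty list means no finding)."""
    return {path: audit_response(h, b) for path, (h, b) in samples.items()}


if __name__ == "__main__":
    for path, findings in audit_all(SAMPLES).items():
        print(path, findings or "ok")
```

Endpoints that echo user-supplied text as text/plain (paste services, log viewers, raw file views) are the ones worth running through a check like this.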

Vendors:

Apple

Vulnerable Software/Devices:

Mobile Safari on iOS 6.1.4 and prior

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 30602 - Apple iOS Multiple Vulnerabilities (20130919)

Mitigation:

Use an alternate mobile browser, such as Chrome.

Links:

CVE(s):

None
