Design/Logic Flaw

2013-01-2905:58:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

CPENameOperatorVersion
iphone_osle6.0.2
iphone_oseq6.0
iphone_oseq6.0.1

Name	Operator	Version
iphone_os	le	6.0.2
iphone_os	eq	6.0
iphone_os	eq	6.0.1

References

lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

osvdb.org/89658

support.apple.com/kb/HT5642