WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-06-10T14:00:00
Updated: 2024-08-07T05:20:35.218Z
Reserved: 2009-05-20T00:00:00
Link: CVE-2009-1681
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-06-10T14:30:00.217
Modified: 2011-02-17T06:43:38.037
Link: CVE-2009-1681
Redhat
No data.