Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0585

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-0585
Last Modified 13 Mar 2012 11:28:07
Published 08 Mar 2012 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0585

Summary

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

Vulnerable Systems

Operating System

  • Apple Iphone Os 3.0

  • Apple Iphone Os 3.1

  • Apple Iphone Os 3.1.2

  • Apple Iphone Os 3.1.3

  • Apple Iphone Os 3.2

  • Apple Iphone Os 3.2.1

  • Apple Iphone Os 3.2.2

  • Apple Iphone Os 4.0

  • Apple Iphone Os 4.0.1

  • Apple Iphone Os 4.0.2

  • Apple Iphone Os 4.1

  • Apple Iphone Os 4.2.1

  • Apple Iphone Os 4.2.5

  • Apple Iphone Os 4.2.8

  • Apple Iphone Os 4.3.0

  • Apple Iphone Os 4.3.1

  • Apple Iphone Os 4.3.2

  • Apple Iphone Os 4.3.3

  • Apple Iphone Os 4.3.5

  • Apple Iphone Os 5.0

  • Apple Iphone Os 5.0.1


References

APPLE - APPLE-SA-2012-03-07-2

APPLE - APPLE-SA-2012-03-12-1

Related Patches

Apple 2012-03-12 Safari Update 5.1.4 (Lion)

Apple 2012-03-12 Safari Update 5.1.4 (Snow Leopard)


Last Updated: 27 May 2016 10:58:21