CVE-2011-0169

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 5.0.4

Description The issue allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site, when the Web Inspector is used. This is due to improper handling of the window.console. inspectorCommandLineAPI property.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the Web Inspector until a patch is available. Restrict access to potentially malicious web sites to minimize the risk of exploitation.