CVE-2008-4232

Name of the Vulnerable Software and Affected Versions: Safari in Apple iPhone OS versions 2.0 through 2.1 Safari in Apple iPhone OS for iPod touch versions 2.1

Description: The issue allows remote attackers to spoof a user interface via a crafted HTML document because Safari does not restrict an IFRAME's content display to the boundaries of the IFRAME.

Recommendations: For Apple iPhone OS versions 2.0 through 2.1, consider disabling the use of IFRAMEs in Safari until a patch is available. For Apple iPhone OS for iPod touch versions 2.1, restrict access to crafted HTML documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.