PT-2008-5526 · Apple · iOS +2
Published: 2008-11-25 · Updated: 2022-08-09 · CVE-2008-4233
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions:
Safari in Apple iPhone OS versions 1.0 through 2.1
Safari in Apple iPhone OS for iPod touch versions 1.1 through 2.1
Description:
The issue allows remote attackers to make arbitrary phone calls via a crafted HTML document because Safari does not isolate the call-approval dialog from the process of launching new applications.
Recommendations:
For Apple iPhone OS versions 1.0 through 2.1, consider disabling the launch of new applications from within Safari until a fix is available.
For Apple iPhone OS for iPod touch versions 1.1 through 2.1, restrict access to Safari when making phone calls to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Safari
iOS
iPod touch