CVE-2010-1119

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 Safari on Apple iPhone OS (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code, cause a denial of service, or read sensitive data, such as the SMS database, via vectors related to attribute manipulation. This was demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

Recommendations For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later. For Safari on Apple iPhone OS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.