WebKit in Apple Safari prior to 4.0, iPhone OS 1.0 up to and including 2.2.1, and iPhone OS for iPod touch 1.1 up to and including 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote malicious users to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari 3.1.2 |
||
apple safari 0.8 |
||
apple safari 2.0.2 |
||
apple safari 2.0.4 |
||
apple safari 3.0 |
||
apple safari 3.0.4 |
||
apple safari 1.2 |
||
apple safari 1.3 |
||
apple safari |
||
apple safari 3.0.2 |
||
apple safari 3.1.1 |
||
apple safari 3.1 |
||
apple safari 1.3.1 |
||
apple safari 1.3.2 |
||
apple safari 2.0 |
||
apple safari 0.9 |
||
apple safari 3.0.3 |
||
apple safari 1.0 |
||
apple safari 1.1 |
||
apple safari 3.2.1 |
||
apple safari 3.2.3 |
||
apple safari 1.0.3 |
||
apple safari 3.2 |
||
apple safari 3.0.1 |
||
apple safari 3.2.2 |