Security Advisory

CVE-2009-1681

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-06-10 14:00:00

Last updated 2024-08-07 05:20:35

Assigner mitre

State PUBLISHED

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.

← Browse all CVEs View on cve.org ↗