Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

Apple iPhone Safari Browser Frame Events Same-Origin Policy Bypass Vulnerability

Apple iPhone is prone to a vulnerability that lets attackers bypass the same-origin policy.

Attackers can exploit this issue to execute arbitrary JavaScript in the context of another domain.

Versions prior to iPhone 1.1.1 are vulnerable.

NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.