Apple iPhone Safari Browser Same Domain Content Manipulation Vulnerability

Apple iPhone Safari Browser Same Domain Content Manipulation Vulnerability

Apple iPhone Safari browser is prone to a vulnerability regarding content between HTTP and HTTPS pages served from the same domain.

An attacker can exploit this issue to execute arbitrary script code in the context of the HTTPS webpages.

Versions prior to iPhone 1.1.1 are vulnerable.

NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.