Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability

Apple iOS and Mac OS X are prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to obtain sensitive information related to an arbitrary domain by enticing a victim to visit a maliciously crafted website.

NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus