

G-SEC™ regularly publishes advisories about vulnerabilities that we discovered during our research. G-SEC™ tries to follow responsible disclosure guidelines whenever possible.



iPhone & iPod Touch - Remote arbitrary code execution

Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
CVE : CVE-2009-1698
BID : 35318
Credit : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller

Affected products :

I. Background

Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

II. Description

Calling the CSS attr() function with a large number leads to memory corruption; heap spraying allows execution of code.

III. Impact

Arbitrary remote code execution can be achieved by creating a special website and entice

IV. Proof of concept

None will be released

V. Disclosure timeline

Nothing particular to note.

Note: All trademarks mentioned herein belong to their respective owners.