Thursday, June 18 2009
I've been waiting for quite some time to publish the full details of the iPhone Safari Phone-auto-Dial vulnerability. But since Apple included it again in the just-published security fixes for iPhone OS 3.0, I decided to finally
go ahead and publish the details. The examples in the advisory show only the original bug. We also found some
variations of it, but we didn't put any examples of those in the advisory.
iPhone Safari Phone Auto-dial Vulnerability (also see my iPhone page).
I'm also credited, together with many others, for reporting the issue that Mail loads remote images when
displaying HTML emails. The problem is actually a little bit bigger since iframes are also loaded. I actually
showed them a demo where I can start QuickTime from Mail without user interaction. Do I need to say more?
The second advisory is about the Nokia 6212 classic, a Near Field Communication mobile phone. I did a
full disclosure of the bugs at 25C3 in late December 2008 but I never published an actual advisory. I do this now.
Nokia 6212 Classic URI Spoofing and DoS vulnerabilities (also see my NFC page).