CVE-2009-3271

Apple Safari - Improper Input Validation

Title source: rule

Description

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cloud · phpdoshardware
https://www.exploit-db.com/exploits/9666

References (3)

Scores

EPSS 0.0516
EPSS Percentile 89.9%

Details

CWE
CWE-20
Status published
Products (2)
apple/iphone_os 3.0.1
apple/safari
Published Sep 21, 2009
Tracked Since Feb 18, 2026