CVE-2011-0159

iPhone OS < 4.3 - Cookie Tracking via Improper Safari Settings Input Validation

Title source: llm
STIX 2.1

Description

The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46810
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025182

Scores

EPSS 0.0172
EPSS Percentile 74.8%

Details

CWE
CWE-20
Status published
Products (3)
apple/iphone_os 4.0
apple/iphone_os 4.1
apple/iphone_os 4.2
Published Mar 11, 2011
Tracked Since Feb 18, 2026