CVE-2012-0585 Information

Description

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

Reference

http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/79964 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026774 https://exchange.xforce.ibmcloud.com/vulnerabilities/73871