CVE-2010-1755
Description
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Safari in iOS before 4 ignores the Accept Cookies preference, allowing remote servers to track users via cookies without consent.
Vulnerability
Safari in Apple iOS before version 4 on iPhone and iPod touch does not properly implement the Accept Cookies preference [1]. This means that even if a user has configured Safari to reject cookies, the browser still accepts cookies from remote web servers. The bug affects all devices running iOS versions prior to 4 [1].
Exploitation
An attacker can host a malicious website that sets a tracking cookie when visited by an iOS user running a vulnerable version of Safari. No special network position or authentication is required; the attacker simply relies on the user visiting the website via Safari. The cookie is stored and sent back to the attacker's server on subsequent requests, enabling user tracking despite the user's cookie-blocking preference [1].
Impact
Successful exploitation allows a remote web server to place cookies on an iOS device and track the user's browsing activity across sessions. This defeats the user's explicit cookie-blocking setting, leading to a privacy breach and unauthorized information disclosure about the user's browsing habits [1].
Mitigation
The vulnerability is fixed in iOS 4, released on June 21, 2010 [1]. Users should update to iOS 4 or later via iTunes on a computer. No workaround is available; the only mitigation is to install the update. The referenced advisory [1] is archived but confirms the fix.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4 (iOS version)
- Range: <4
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2010/Jun/msg00003.html (NVD: Mailing List, Vendor Advisory)
- support.apple.com/kb/HT4225 (NVD: Vendor Advisory)
- www.securityfocus.com/bid/41016 (NVD: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/59634 (NVD: Third Party Advisory, VDB Entry)