VYPR
Unrated severity · NVD Advisory · Published Nov 26, 2010 · Updated Apr 29, 2026

CVE-2010-3829

Description

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit in iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with DNS prefetching.

Vulnerability

WebKit in Apple iOS before 4.2 mishandles HTML LINK elements with a DNS prefetching property (rel="dns-prefetch"). In the Mail application, even when the user has disabled remote image loading, WebKit performs DNS prefetching for domains specified in such LINK elements. This allows an attacker to bypass the remote image loading setting. Affected versions include iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, and iOS 3.2 through 3.2.2 for iPad [1].

Exploitation

An attacker sends an HTML email containing a LINK element with rel="dns-prefetch" pointing to an attacker-controlled domain. When the recipient opens the email in Mail on a vulnerable iOS device, WebKit resolves the domain name via DNS, even if remote image loading is disabled. The attacker can detect this DNS query, confirming that the email was opened and gaining a read receipt. No additional user interaction or authentication is required.
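A mail gateway or mailbox audit can look for the message shape described above. The following is an added example, not code from the advisory, Apple or WebKit: it walks a message's HTML parts and reports the hostnames named by LINK elements whose rel includes dns-prefetch. The sample message and the names `PrefetchLinkFinder` and `prefetch_hosts` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit


class PrefetchLinkFinder(HTMLParser):
    """Collect hostnames named by <link rel="dns-prefetch" href=...>."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag != "link":
            return
        attr = {name: (value or "") for name, value in attrs}
        # rel is a space-separated, case-insensitive token list.
        if "dns-prefetch" not in attr.get("rel", "").lower().split():
            return
        href = attr.get("href", "").strip()
        try:
            # Usually scheme-relative ("//host"); accept a bare host too.
            host = urlsplit(href if "//" in href else "//" + href).hostname
        except ValueError:
            host = None
        if host:
            self.hosts.append(host)


def prefetch_hosts(raw_message):
    """Return hostnames the HTML parts ask the client to pre-resolve."""
    msg = message_from_string(raw_message, policy=policy.default)
    hosts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = PrefetchLinkFinder()
            finder.feed(part.get_content())
            finder.close()
            hosts.extend(finder.hosts)
    return hosts


# Constructed sample message, not taken from the advisory.
SAMPLE = (
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<html><head><LINK REL="DNS-Prefetch" HREF="//tracker.example">\n'
    '<link rel="stylesheet" href="https://cdn.example/site.css">\n'
    "</head><body><p>Hello.</p></body></html>\n"
)

if __name__ == "__main__":
    print(prefetch_hosts(SAMPLE))
```

A non-empty result marks a message worth quarantining or logging; the ordinary stylesheet LINK in the sample is ignored because its rel carries no dns-prefetch token.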

Impact

The attacker successfully bypasses the user's privacy setting that blocks remote images, obtaining a read receipt. This leaks the fact that the email was opened and the approximate time. The impact is limited to information disclosure (privacy violation) and does not enable code execution or broader data access.

Mitigation

Fixed in iOS 4.2, released on November 22, 2010 [1]. Users should update to iOS 4.2 or later via iTunes. No workaround is available for vulnerable versions. This issue is related to CVE-2010-3813. It is not listed on the CISA Known Exploited Vulnerabilities catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=4.1)
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
  • Apple Inc./iOS (llm-fuzzy)
    Range: <4.2

Patches

0

No patches discovered yet.

References

11
