CVE-2009-1685: XSS
First published: Wed Jun 10 2009(Updated: )
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | =1.1 | |
| Apple Mobile Safari | =1.3.1 | |
| Apple Mobile Safari | =3.2.3 | |
| Apple Mobile Safari | =2.0.2 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =0.8 | |
| Apple Mobile Safari | =2.0 | |
| Apple Mobile Safari | =3.0.4 | |
| Apple Mobile Safari | =0.9 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =1.3.2 | |
| Apple Mobile Safari | =1.2 | |
| Apple Mobile Safari | <=4.0_beta | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =2.0.4 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =1.0.3 | |
| Apple Mobile Safari | =1.0 | |
| Apple Mobile Safari | =1.3 | |
| Apple Mobile Safari | =3.2 | |
| Apple Mobile Safari | =3.0.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | <=3.2.3 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.2.2 | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/35379
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://www.securityfocus.com/bid/35260
- http://www.vupen.com/english/advisories/2009/1522
- http://support.apple.com/kb/HT3613
- http://securitytracker.com/id?1022344
- http://osvdb.org/54983
- http://support.apple.com/kb/HT3639
- http://www.vupen.com/english/advisories/2009/1621
- http://www.securityfocus.com/bid/35319
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
Frequently Asked Questions
What is the severity of CVE-2009-1685?
CVE-2009-1685 is rated as a moderate severity vulnerability due to the potential for cross-site scripting attacks.
How do I fix CVE-2009-1685?
To fix CVE-2009-1685, upgrade to Apple Safari version 4.0 or later, which addresses this vulnerability.
What is the impact of CVE-2009-1685?
The impact of CVE-2009-1685 allows attackers to inject arbitrary web scripts and HTML into web pages, compromising user data.
Which versions are affected by CVE-2009-1685?
CVE-2009-1685 affects Apple Safari versions prior to 4.0, including various versions on both macOS and Windows.
Is there any workaround for CVE-2009-1685?
There are no effective workarounds for CVE-2009-1685 other than upgrading to a secure version of Apple Safari.
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/1.1
- version/apple mobile safari/1.3.1
- version/apple mobile safari/3.2.3
- version/apple mobile safari/2.0.2
- version/apple mobile safari/3.1
- version/apple mobile safari/3.1.2
- version/apple mobile safari/3.0
- version/apple mobile safari/0.8
- version/apple mobile safari/2.0
- version/apple mobile safari/3.0.4
- version/apple mobile safari/0.9
- version/apple mobile safari/3.0.3
- version/apple mobile safari/1.3.2
- version/apple mobile safari/1.2
- version/apple mobile safari/4.0_beta
- version/apple mobile safari/3.2.1
- version/apple mobile safari/3.0.2
- version/apple mobile safari/2.0.4
- version/apple mobile safari/3.1.1
- version/apple mobile safari/1.0.3
- version/apple mobile safari/1.0
- version/apple mobile safari/1.3
- version/apple mobile safari/3.2
- version/apple mobile safari/3.0.1
- version/apple mobile safari/3.2.2