What is the severity of CVE-2009-1686?

CVE-2009-1686 is rated as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2009-1686?

To fix CVE-2009-1686, users should update to the latest version of Apple Safari that is not affected by this vulnerability.

What versions of Safari are affected by CVE-2009-1686?

CVE-2009-1686 affects Apple Safari versions prior to 4.0, including multiple version numbers like 3.1.2, 3.1, and others.

What type of attacks can exploit CVE-2009-1686?

CVE-2009-1686 can be exploited via remote attacks that leverage JavaScript exception handling to execute arbitrary code.

Who is impacted by CVE-2009-1686?

Users of Apple Safari before version 4.0, including those on Mac and Windows platforms, are impacted by CVE-2009-1686.

Vulnerability/
CVE-2009-1686

critical

9.3

CWE

10/6/2009

17/2/2011

CVE-2009-1686: Input Validation

First published: Wed Jun 10 2009(Updated: )

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple Mobile Safari	=3.1.2
Apple Mobile Safari	=0.9
Apple Mobile Safari	=1.3.2
Apple Mobile Safari	=1.2
Apple Mobile Safari	=3.0.4
Apple Mobile Safari	=3.0.3
Apple Mobile Safari	=1.3.1
Apple Mobile Safari	=2.0.4
Apple Mobile Safari	=3.0
Apple Mobile Safari	=3.2.3
Apple Mobile Safari	=1.1
Apple Mobile Safari	<=4.0_beta
Apple Mobile Safari	=3.1
Apple Mobile Safari	=2.0
Apple Mobile Safari	=3.0.2
Apple Mobile Safari	=1.0.3
Apple Mobile Safari	=1.0
Apple Mobile Safari	=2.0.2
Apple Mobile Safari	=3.1.1
Apple Mobile Safari	=1.3
Apple Mobile Safari	=0.8
Apple Mobile Safari	=3.2
Apple Mobile Safari	=3.0.3
Apple Mobile Safari	=3.0.1
Apple Mobile Safari	=3.2.1
Apple Mobile Safari	=3.1.2
Apple Mobile Safari	<=3.2.3
Apple Mobile Safari	=3.0.2
Apple Mobile Safari	=3.1
Apple Mobile Safari	=3.1.1
Apple Mobile Safari	=3.0
Apple Mobile Safari	=3.2.2
Apple Mobile Safari	=3.2.1
Apple Mobile Safari	=3.0.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1686?
CVE-2009-1686 is rated as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2009-1686?
To fix CVE-2009-1686, users should update to the latest version of Apple Safari that is not affected by this vulnerability.
What versions of Safari are affected by CVE-2009-1686?
CVE-2009-1686 affects Apple Safari versions prior to 4.0, including multiple version numbers like 3.1.2, 3.1, and others.
What type of attacks can exploit CVE-2009-1686?
CVE-2009-1686 can be exploited via remote attacks that leverage JavaScript exception handling to execute arbitrary code.
Who is impacted by CVE-2009-1686?
Users of Apple Safari before version 4.0, including those on Mac and Windows platforms, are impacted by CVE-2009-1686.

agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/remedy
agent/first-publish-date
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/apple
canonical/apple mobile safari
version/apple mobile safari/3.1.2
version/apple mobile safari/0.9
version/apple mobile safari/1.3.2
version/apple mobile safari/1.2
version/apple mobile safari/3.0.4
version/apple mobile safari/3.0.3
version/apple mobile safari/1.3.1
version/apple mobile safari/2.0.4
version/apple mobile safari/3.0
version/apple mobile safari/3.2.3
version/apple mobile safari/1.1
version/apple mobile safari/4.0_beta
version/apple mobile safari/3.1
version/apple mobile safari/2.0
version/apple mobile safari/3.0.2
version/apple mobile safari/1.0.3
version/apple mobile safari/1.0
version/apple mobile safari/2.0.2
version/apple mobile safari/3.1.1
version/apple mobile safari/1.3
version/apple mobile safari/0.8
version/apple mobile safari/3.2
version/apple mobile safari/3.0.1
version/apple mobile safari/3.2.1
version/apple mobile safari/3.2.2

CVE-2009-1686: Input Validation

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1686?

How do I fix CVE-2009-1686?

What versions of Safari are affected by CVE-2009-1686?

What type of attacks can exploit CVE-2009-1686?

Who is impacted by CVE-2009-1686?

Company

Resources

Contact