CVE-2009-1690: Use After Free
First published: Wed Jun 10 2009(Updated: )
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | =1.1 | |
| Apple Mobile Safari | =1.3.1 | |
| Apple Mobile Safari | =3.2.3 | |
| Apple Mobile Safari | =2.0.2 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =0.8 | |
| Apple Mobile Safari | =2.0 | |
| Apple Mobile Safari | =3.0.4 | |
| Apple Mobile Safari | =0.9 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =1.3.2 | |
| Apple Mobile Safari | =1.2 | |
| Apple Mobile Safari | <=4.0_beta | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =2.0.4 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =1.0.3 | |
| Apple Mobile Safari | =1.0 | |
| Apple Mobile Safari | =1.3 | |
| Apple Mobile Safari | =3.2 | |
| Apple Mobile Safari | =3.0.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | <=3.2.3 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.2.2 | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.4 | |
| iStyle @cosme iPhone OS | =2.0.2 | |
| iStyle @cosme iPhone OS | =1.0.2 | |
| iStyle @cosme iPhone OS | =1.0 | |
| iStyle @cosme iPhone OS | =1.1.2 | |
| iStyle @cosme iPhone OS | =1.1.4 | |
| iStyle @cosme iPhone OS | =1.1.1 | |
| iStyle @cosme iPhone OS | =1.1.1 | |
| iStyle @cosme iPhone OS | =1.0.1 | |
| iStyle @cosme iPhone OS | =2.0.2 | |
| iStyle @cosme iPhone OS | =2.2 | |
| iStyle @cosme iPhone OS | =2.0.0 | |
| iStyle @cosme iPhone OS | =1.1.3 | |
| iStyle @cosme iPhone OS | =2.1 | |
| iStyle @cosme iPhone OS | =1.1.2 | |
| iStyle @cosme iPhone OS | =1.1.2 | |
| iStyle @cosme iPhone OS | =1.1.3 | |
| iStyle @cosme iPhone OS | =2.0.1 | |
| iStyle @cosme iPhone OS | =1.1.5 | |
| iStyle @cosme iPhone OS | =1.1 | |
| iStyle @cosme iPhone OS | =1.1.0 | |
| iStyle @cosme iPhone OS | =2.0.1 | |
| iStyle @cosme iPhone OS | =1.1.4 | |
| iStyle @cosme iPhone OS | =1.0.1 | |
| iStyle @cosme iPhone OS | =2.2.1 | |
| iStyle @cosme iPhone OS | =2.1 | |
| iStyle @cosme iPhone OS | =1.1.5 | |
| iStyle @cosme iPhone OS | =2.2.1 | |
| iStyle @cosme iPhone OS | =2.0.0 | |
| iStyle @cosme iPhone OS | =1.1.0 | |
| iStyle @cosme iPhone OS | =1.0.2 | |
| iStyle @cosme iPhone OS | =2.2 | |
| iStyle @cosme iPhone OS | =1.1.4 | |
| iStyle @cosme iPhone OS | =2.0.0 | |
| iStyle @cosme iPhone OS | =1.0.0 | |
| iStyle @cosme iPhone OS | =1.1.0 | |
| iStyle @cosme iPhone OS | =2.0.2 | |
| iStyle @cosme iPhone OS | =2.0 | |
| iStyle @cosme iPhone OS | =1.1.5 | |
| iStyle @cosme iPhone OS | =2.0.1 | |
| iStyle @cosme iPhone OS | =2.1 | |
| iStyle @cosme iPhone OS | =1.1.3 | |
| Google Chrome | =1.0.154.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://secunia.com/advisories/35379
- http://www.vupen.com/english/advisories/2009/1522
- http://www.securityfocus.com/bid/35260
- http://securitytracker.com/id?1022345
- http://support.apple.com/kb/HT3613
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
- http://osvdb.org/54990
- http://support.apple.com/kb/HT3639
- http://www.vupen.com/english/advisories/2009/1621
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
- http://secunia.com/advisories/36062
- http://secunia.com/advisories/36057
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
- http://www.ubuntu.com/usn/USN-822-1
- http://secunia.com/advisories/37746
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
- http://www.debian.org/security/2009/dsa-1950
- http://www.ubuntu.com/usn/USN-857-1
- http://www.ubuntu.com/usn/USN-836-1
- http://secunia.com/advisories/36790
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://www.vupen.com/english/advisories/2011/0212
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009
Frequently Asked Questions
What is the severity of CVE-2009-1690?
CVE-2009-1690 is classified as a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2009-1690?
To mitigate CVE-2009-1690, update to the latest versions of affected software, such as Apple Safari and Google Chrome.
Which software is affected by CVE-2009-1690?
CVE-2009-1690 affects multiple versions of Apple Safari and Google Chrome, specifically versions prior to 4.0 and 1.0.154.53, respectively.
Can CVE-2009-1690 cause a denial of service?
Yes, CVE-2009-1690 can lead to denial of service through memory corruption, resulting in application crashes.
Is CVE-2009-1690 still a risk today?
While CVE-2009-1690 is an older vulnerability, it can still pose risks if outdated software is in use.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/event
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/1.1
- version/apple mobile safari/1.3.1
- version/apple mobile safari/3.2.3
- version/apple mobile safari/2.0.2
- version/apple mobile safari/3.1
- version/apple mobile safari/3.1.2
- version/apple mobile safari/3.0
- version/apple mobile safari/0.8
- version/apple mobile safari/2.0
- version/apple mobile safari/3.0.4
- version/apple mobile safari/0.9
- version/apple mobile safari/3.0.3
- version/apple mobile safari/1.3.2
- version/apple mobile safari/1.2
- version/apple mobile safari/4.0_beta
- version/apple mobile safari/3.2.1
- version/apple mobile safari/3.0.2
- version/apple mobile safari/2.0.4
- version/apple mobile safari/3.1.1
- version/apple mobile safari/1.0.3
- version/apple mobile safari/1.0
- version/apple mobile safari/1.3
- version/apple mobile safari/3.2
- version/apple mobile safari/3.0.1
- version/apple mobile safari/3.2.2
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/2.0.2
- version/istyle @cosme iphone os/1.0.2
- version/istyle @cosme iphone os/1.0
- version/istyle @cosme iphone os/1.1.2
- version/istyle @cosme iphone os/1.1.4
- version/istyle @cosme iphone os/1.1.1
- version/istyle @cosme iphone os/1.0.1
- version/istyle @cosme iphone os/2.2
- version/istyle @cosme iphone os/2.0.0
- version/istyle @cosme iphone os/1.1.3
- version/istyle @cosme iphone os/2.1
- version/istyle @cosme iphone os/2.0.1
- version/istyle @cosme iphone os/1.1.5
- version/istyle @cosme iphone os/1.1
- version/istyle @cosme iphone os/1.1.0
- version/istyle @cosme iphone os/2.2.1
- version/istyle @cosme iphone os/1.0.0
- version/istyle @cosme iphone os/2.0
- vendor/google
- canonical/google chrome
- version/google chrome/1.0.154.53