CVE-2009-1696
First published: Wed Jun 10 2009(Updated: )
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | =1.1 | |
| Apple Safari | =1.3.1 | |
| Apple Safari | =3.2.3 | |
| Apple Safari | =2.0.2 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | =3.0 | |
| Apple Safari | =0.8 | |
| Apple Safari | =2.0 | |
| Apple Safari | =3.0.4 | |
| Apple Safari | =0.9 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =1.3.2 | |
| Apple Safari | =1.2 | |
| Apple Safari | <=4.0_beta | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =2.0.4 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =1.0.3 | |
| Apple Safari | =1.0 | |
| Apple Safari | =1.3 | |
| Apple Safari | =3.2 | |
| Apple Safari | =3.0.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | <=3.2.3 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =3.0 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.2.2 | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://support.apple.com/kb/HT3613
- http://www.vupen.com/english/advisories/2009/1522
- http://secunia.com/advisories/35379
- http://www.securityfocus.com/bid/35260
- http://osvdb.org/55027
- http://support.apple.com/kb/HT3639
- http://www.vupen.com/english/advisories/2009/1621
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
Frequently Asked Questions
What is the severity of CVE-2009-1696?
CVE-2009-1696 is considered to have a medium severity level as it allows tracking of Safari users through predictable random number generation.
How do I fix CVE-2009-1696?
To mitigate the risk of CVE-2009-1696, users should upgrade to Safari version 4.0 or later where the vulnerability has been addressed.
Which versions of Safari are affected by CVE-2009-1696?
CVE-2009-1696 affects multiple versions of Safari, specifically versions prior to 4.0, including 1.1, 2.x, and 3.x.
What type of vulnerability is CVE-2009-1696?
CVE-2009-1696 is categorized as a tracking vulnerability due to predictable random number generation in JavaScript applications.
Who is impacted by CVE-2009-1696?
Users of Apple Safari running versions before 4.0 on both macOS and Windows are impacted by CVE-2009-1696.
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/apple
- canonical/apple safari
- version/apple safari/1.1
- version/apple safari/1.3.1
- version/apple safari/3.2.3
- version/apple safari/2.0.2
- version/apple safari/3.1
- version/apple safari/3.1.2
- version/apple safari/3.0
- version/apple safari/0.8
- version/apple safari/2.0
- version/apple safari/3.0.4
- version/apple safari/0.9
- version/apple safari/3.0.3
- version/apple safari/1.3.2
- version/apple safari/1.2
- version/apple safari/4.0_beta
- version/apple safari/3.2.1
- version/apple safari/3.0.2
- version/apple safari/2.0.4
- version/apple safari/3.1.1
- version/apple safari/1.0.3
- version/apple safari/1.0
- version/apple safari/1.3
- version/apple safari/3.2
- version/apple safari/3.0.1
- version/apple safari/3.2.2