CVE-2009-1724: XSS
First published: Thu Jul 09 2009(Updated: )
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | =3.0.4b | |
| Safari | =2.0.3-417.9.3 | |
| Safari | <=4.0.1 | |
| Safari | =3.0.4 | |
| Safari | =3.0.1-beta | |
| Safari | =2.0.1 | |
| Safari | =2.0.3 | |
| Safari | =2.0.2 | |
| Safari | =3.0.0 | |
| Safari | =3.0.1 | |
| Safari | =3.0.2 | |
| Safari | =3.0.3b | |
| Safari | =3.1.1 | |
| Safari | =2.0.3-417.9 | |
| Safari | =2.0.3-417.9.2 | |
| Safari | =3.0.3 | |
| Safari | =2.0 | |
| Safari | =2.0.3-417.8 | |
| Safari | =3.1.2 | |
| Safari | =3.1.0b | |
| Safari | =3.1.0 | |
| Safari | =2.0.4 | |
| Safari | =3.2.2 | |
| Safari | =3.0.0b | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =2.0.0 | |
| Safari | =3.2.0 | |
| Safari | =3.0.2b | |
| Safari | =3.0.1b | |
| Safari | =3.2.1 | |
| Safari | =3.0 | |
| iPhone OS | <=3.0.1 | |
| iPhone OS | =1.0.0 | |
| iPhone OS | =1.0.1 | |
| iPhone OS | =1.0.2 | |
| iPhone OS | =1.1.0 | |
| iPhone OS | =1.1.1 | |
| iPhone OS | =1.1.2 | |
| iPhone OS | =1.1.3 | |
| iPhone OS | =1.1.4 | |
| iPhone OS | =1.1.5 | |
| iPhone OS | =2.0 | |
| iPhone OS | =2.0.0 | |
| iPhone OS | =2.0.1 | |
| iPhone OS | =2.0.2 | |
| iPhone OS | =2.1 | |
| iPhone OS | =2.1.1 | |
| iPhone OS | =2.2 | |
| iPhone OS | =2.2.1 | |
| iPhone OS | =3.0 | |
| iPhone OS | ||
| iPhone OS | <=3.1 | |
| iPhone OS | =3.0.1 | |
| Apple iPod touch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/35441
- http://support.apple.com/kb/HT3666
- http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
- http://www.vupen.com/english/advisories/2009/1827
- http://secunia.com/advisories/35758
- http://osvdb.org/55738
- http://www.securitytracker.com/id?1022525
- http://support.apple.com/kb/HT3860
- http://secunia.com/advisories/36677
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
- http://secunia.com/advisories/43068
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208
Frequently Asked Questions
What is the severity of CVE-2009-1724?
CVE-2009-1724 is classified as a moderate severity cross-site scripting vulnerability.
How do I fix CVE-2009-1724?
To fix CVE-2009-1724, update your Apple Safari to version 4.0.2 or later.
What platforms are affected by CVE-2009-1724?
CVE-2009-1724 affects Apple Safari on various platforms including iPhone OS versions prior to 3.1.1.
What type of vulnerability is CVE-2009-1724?
CVE-2009-1724 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts.
Is there a workaround for CVE-2009-1724?
Currently, the best practice is to update to a fixed version of Safari as a workaround for CVE-2009-1724.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/safari
- version/safari/3.0.4b
- version/safari/2.0.3-417.9.3
- version/safari/4.0.1
- version/safari/3.0.4
- version/safari/3.0.1-beta
- version/safari/2.0.1
- version/safari/2.0.3
- version/safari/2.0.2
- version/safari/3.0.0
- version/safari/3.0.1
- version/safari/3.0.2
- version/safari/3.0.3b
- version/safari/3.1.1
- version/safari/2.0.3-417.9
- version/safari/2.0.3-417.9.2
- version/safari/3.0.3
- version/safari/2.0
- version/safari/2.0.3-417.8
- version/safari/3.1.2
- version/safari/3.1.0b
- version/safari/3.1.0
- version/safari/2.0.4
- version/safari/3.2.2
- version/safari/3.0.0b
- version/safari/4.0
- version/safari/4.0.0b
- version/safari/2.0.0
- version/safari/3.2.0
- version/safari/3.0.2b
- version/safari/3.0.1b
- version/safari/3.2.1
- version/safari/3.0
- canonical/iphone os
- version/iphone os/3.0.1
- version/iphone os/1.0.0
- version/iphone os/1.0.1
- version/iphone os/1.0.2
- version/iphone os/1.1.0
- version/iphone os/1.1.1
- version/iphone os/1.1.2
- version/iphone os/1.1.3
- version/iphone os/1.1.4
- version/iphone os/1.1.5
- version/iphone os/2.0
- version/iphone os/2.0.0
- version/iphone os/2.0.1
- version/iphone os/2.0.2
- version/iphone os/2.1
- version/iphone os/2.1.1
- version/iphone os/2.2
- version/iphone os/2.2.1
- version/iphone os/3.0
- version/iphone os/3.1
- canonical/apple ipod touch