CVE-2009-2199
First published: Wed Aug 12 2009(Updated: )
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | =3.0.4b | |
| Safari | =2.0.3-417.9.3 | |
| Safari | =4.0.1 | |
| Safari | <=4.0.2 | |
| Safari | =3.0.4 | |
| Safari | =3.0.1-beta | |
| Safari | =2.0.1 | |
| Safari | =2.0.3 | |
| Safari | =2.0.2 | |
| Safari | =3.0.0 | |
| Safari | =3.0.1 | |
| Safari | =3.0.2 | |
| Safari | =3.0.3b | |
| Safari | =3.1.1 | |
| Safari | =2.0.3-417.9 | |
| Safari | =2.0.3-417.9.2 | |
| Safari | =3.0.3 | |
| Safari | =2.0 | |
| Safari | =2.0.3-417.8 | |
| Safari | =3.1.2 | |
| Safari | =3.1.0b | |
| Safari | =3.1.0 | |
| Safari | =2.0.4 | |
| Safari | =3.2.2 | |
| Safari | =3.0.0b | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =2.0.0 | |
| Safari | =3.2.0 | |
| Safari | =3.0.2b | |
| Safari | =3.0.1b | |
| Safari | =3.2.1 | |
| Safari | =3.0 | |
| iPhone OS | <=3.0.1 | |
| iPhone OS | =1.0.0 | |
| iPhone OS | =1.0.1 | |
| iPhone OS | =1.0.2 | |
| iPhone OS | =1.1.0 | |
| iPhone OS | =1.1.1 | |
| iPhone OS | =1.1.2 | |
| iPhone OS | =1.1.3 | |
| iPhone OS | =1.1.4 | |
| iPhone OS | =1.1.5 | |
| iPhone OS | =2.0 | |
| iPhone OS | =2.0.0 | |
| iPhone OS | =2.0.1 | |
| iPhone OS | =2.0.2 | |
| iPhone OS | =2.1 | |
| iPhone OS | =2.1.1 | |
| iPhone OS | =2.2 | |
| iPhone OS | =2.2.1 | |
| iPhone OS | =3.0 | |
| iPhone OS | ||
| iPhone OS | <=3.1 | |
| iPhone OS | =3.0.1 | |
| Apple iPod touch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
- http://support.apple.com/kb/HT3733
- http://www.securityfocus.com/bid/36026
- http://www.securitytracker.com/id?1022719
- http://support.apple.com/kb/HT3860
- http://secunia.com/advisories/36677
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
Frequently Asked Questions
What is the severity of CVE-2009-2199?
CVE-2009-2199 is considered a moderate security vulnerability that could allow for domain spoofing.
How do I fix CVE-2009-2199?
To fix CVE-2009-2199, upgrade to Apple Safari version 4.0.3 or later.
What platforms are affected by CVE-2009-2199?
CVE-2009-2199 affects Apple Safari versions prior to 4.0.3, alongside various iPhone OS versions.
Can CVE-2009-2199 lead to phishing attacks?
Yes, CVE-2009-2199 can potentially enable phishing attacks by allowing attackers to spoof domain names in URLs.
Who are the potential attackers in CVE-2009-2199?
Remote attackers can exploit CVE-2009-2199 to conduct attacks against vulnerable versions of Safari.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/safari
- version/safari/3.0.4b
- version/safari/2.0.3-417.9.3
- version/safari/4.0.1
- version/safari/4.0.2
- version/safari/3.0.4
- version/safari/3.0.1-beta
- version/safari/2.0.1
- version/safari/2.0.3
- version/safari/2.0.2
- version/safari/3.0.0
- version/safari/3.0.1
- version/safari/3.0.2
- version/safari/3.0.3b
- version/safari/3.1.1
- version/safari/2.0.3-417.9
- version/safari/2.0.3-417.9.2
- version/safari/3.0.3
- version/safari/2.0
- version/safari/2.0.3-417.8
- version/safari/3.1.2
- version/safari/3.1.0b
- version/safari/3.1.0
- version/safari/2.0.4
- version/safari/3.2.2
- version/safari/3.0.0b
- version/safari/4.0
- version/safari/4.0.0b
- version/safari/2.0.0
- version/safari/3.2.0
- version/safari/3.0.2b
- version/safari/3.0.1b
- version/safari/3.2.1
- version/safari/3.0
- canonical/iphone os
- version/iphone os/3.0.1
- version/iphone os/1.0.0
- version/iphone os/1.0.1
- version/iphone os/1.0.2
- version/iphone os/1.1.0
- version/iphone os/1.1.1
- version/iphone os/1.1.2
- version/iphone os/1.1.3
- version/iphone os/1.1.4
- version/iphone os/1.1.5
- version/iphone os/2.0
- version/iphone os/2.0.0
- version/iphone os/2.0.1
- version/iphone os/2.0.2
- version/iphone os/2.1
- version/iphone os/2.1.1
- version/iphone os/2.2
- version/iphone os/2.2.1
- version/iphone os/3.0
- version/iphone os/3.1
- canonical/apple ipod touch