First published: Wed Aug 12 2009
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Safari | =3.0.4b | |
Safari | =2.0.3-417.9.3 | |
Safari | =4.0.1 | |
Safari | <=4.0.2 | |
Safari | =3.0.4 | |
Safari | =3.0.1-beta | |
Safari | =2.0.1 | |
Safari | =2.0.3 | |
Safari | =2.0.2 | |
Safari | =3.0.0 | |
Safari | =3.0.1 | |
Safari | =3.0.2 | |
Safari | =3.0.3b | |
Safari | =3.1.1 | |
Safari | =2.0.3-417.9 | |
Safari | =2.0.3-417.9.2 | |
Safari | =3.0.3 | |
Safari | =2.0 | |
Safari | =2.0.3-417.8 | |
Safari | =3.1.2 | |
Safari | =3.1.0b | |
Safari | =3.1.0 | |
Safari | =2.0.4 | |
Safari | =3.2.2 | |
Safari | =3.0.0b | |
Safari | =4.0 | |
Safari | =4.0.0b | |
Safari | =2.0.0 | |
Safari | =3.2.0 | |
Safari | =3.0.2b | |
Safari | =3.0.1b | |
Safari | =3.2.1 | |
Safari | =3.0 | |
iPhone OS | <=3.0.1 | |
iPhone OS | =1.0.0 | |
iPhone OS | =1.0.1 | |
iPhone OS | =1.0.2 | |
iPhone OS | =1.1.0 | |
iPhone OS | =1.1.1 | |
iPhone OS | =1.1.2 | |
iPhone OS | =1.1.3 | |
iPhone OS | =1.1.4 | |
iPhone OS | =1.1.5 | |
iPhone OS | =2.0 | |
iPhone OS | =2.0.0 | |
iPhone OS | =2.0.1 | |
iPhone OS | =2.0.2 | |
iPhone OS | =2.1 | |
iPhone OS | =2.1.1 | |
iPhone OS | =2.2 | |
iPhone OS | =2.2.1 | |
iPhone OS | =3.0 | |
iPhone OS | | |
iPhone OS | <=3.1 | |
iPhone OS | =3.0.1 | |
Apple iPod touch | | |
CVE-2009-2199 is considered a moderate security vulnerability that could allow for domain spoofing.
To fix CVE-2009-2199, upgrade to Apple Safari version 4.0.3 or later.
CVE-2009-2199 affects Apple Safari versions prior to 4.0.3, alongside various iPhone OS versions.
Yes, CVE-2009-2199 can potentially enable phishing attacks by allowing attackers to spoof domain names in URLs.
Remote attackers can exploit CVE-2009-2199 to conduct attacks against vulnerable versions of Safari.