Vulnerability Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 4.0_beta |
References
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://osvdb.org/55004
- http://secunia.com/advisories/35379Vendor Advisory
- http://secunia.com/advisories/37746
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT3613PatchVendor Advisory
- http://support.apple.com/kb/HT3639
- http://www.debian.org/security/2009/dsa-1950
- http://www.securityfocus.com/bid/35260ExploitPatch
- http://www.securityfocus.com/bid/35331
- http://www.vupen.com/english/advisories/2009/1522PatchVendor Advisory
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2011/0212
FAQ
What is CVE-2009-1693?
CVE-2009-1693 is a vulnerability with a CVSS score of 5.8 (MEDIUM). WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with...
How severe is CVE-2009-1693?
CVE-2009-1693 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1693?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.