Vulnerability Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 4.0_beta |
References
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://osvdb.org/55005
- http://secunia.com/advisories/35379Vendor Advisory
- http://secunia.com/advisories/37746
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT3613Vendor Advisory
- http://support.apple.com/kb/HT3639
- http://www.debian.org/security/2009/dsa-1950
- http://www.securityfocus.com/bid/35260
- http://www.securityfocus.com/bid/35322
- http://www.vupen.com/english/advisories/2009/1522PatchVendor Advisory
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2011/0212
FAQ
What is CVE-2009-1694?
CVE-2009-1694 is a vulnerability with a CVSS score of 5.8 (MEDIUM). WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arb...
How severe is CVE-2009-1694?
CVE-2009-1694 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1694?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.