CVE-2009-1694 — Apple Safari vulnerability

3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.7%

top 27.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJun 10

Latest updateMay 2

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDapple/safari4.0_beta+25

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-4844-58w2-p88q: WebKit in Apple Safari before 4↗2022-05-02

▶

OSV

CVE-2009-1694: WebKit in Apple Safari before 4↗2009-06-10

▶