CVE-2009-1701 — Apple Safari vulnerability

CWE-3992 documents2 sources

Severity

9.3CRITICALNVD

EPSS

9.7%

top 7.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Apple Iphone OS

Timeline

PublishedJun 10

Latest updateMay 2

Description

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/iphone_os17 versions+16

▶NVDapple/safari3.2.2+23

Patches

Patch: lists.apple.com ↗Patch: securitytracker.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-2634-634x-5w3q: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4↗2022-05-02

▶