CVE-2009-2199 — Apple Iphone OS vulnerability

3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

1.4%

top 19.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari

Timeline

PublishedAug 12

Latest updateMay 2

Description

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDapple/iphone_os3.0.1+20

▶NVDapple/safari4.0.2+27

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-j82x-rqp4-5wq8: Incomplete blacklist vulnerability in WebKit in Apple Safari before 4↗2022-05-02

▶

💬Community

Bugzilla

CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing↗2009-08-13

▶