Apple · WebKit · CVE-2009-2797
**Name of the Vulnerable Software and Affected Versions**
Safari versions prior to 3.1
Safari versions prior to 3.1.1 for iPod touch
**Description**
The issue concerns the WebKit component in Safari, which fails to remove usernames and passwords from URLs sent in Referer headers. This allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
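For server operators whose Referer logs may already hold credentials leaked this way, the sketch below finds and redacts them. It is an added example, not part of the original advisory; it assumes logs in Combined Log Format, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Combined Log Format (assumed): ... "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ ")'
    r'(?P<referer>[^"]*)'
    r'(?P<tail>" "[^"]*")\s*$'
)

# Constructed sample log lines (not from the advisory).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2009:13:55:36 +0000] "GET /img/logo.png HTTP/1.1" 200 2326 "http://alice:s3cret@intranet.example/reports?id=7" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2009:13:56:01 +0000] "GET / HTTP/1.1" 200 512 "http://www.example.org/?q=a@b" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2009:13:56:02 +0000] "GET /x HTTP/1.1" 304 - "-" "Mozilla/5.0"',
]

def strip_userinfo(url):
    """Return (clean_url, had_userinfo) with any user[:password]@ part removed."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, leave untouched
        return url, False
    if "@" not in parts.netloc:  # '@' in path or query is not userinfo
        return url, False
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment)), True

def scrub_line(line):
    """Redact userinfo in the Referer field of one log line."""
    m = COMBINED.match(line)
    if not m:
        return line, False
    clean, leaked = strip_userinfo(m.group("referer"))
    return m.group("head") + clean + m.group("tail"), leaked

def scan(lines):
    """Return (line_number, redacted_line) for every line whose Referer held credentials."""
    hits = []
    for n, line in enumerate(lines, 1):
        scrubbed, leaked = scrub_line(line)
        if leaked:
            hits.append((n, scrubbed))
    return hits

if __name__ == "__main__":
    for n, line in scan(SAMPLE):
        print(f"line {n}: credentials in Referer, redacted -> {line}")
```

Any account whose password turns up in such a log should have that password rotated, since redaction only limits further exposure.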
**Recommendations**
For Safari versions prior to 3.1, update to version 3.1 or later.
For Safari versions prior to 3.1.1 for iPod touch, update to version 3.1.1 or later.