CVE-2009-1695

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.