Apple · Ios · CVE-2009-1697
Name of the Vulnerable Software and Affected Versions:
Apple Safari versions prior to 4.0
iPhone OS versions 1.0 through 2.2.1
iPhone OS for iPod touch versions 1.1 through 2.2.1
Description:
A CRLF injection issue allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document. This is related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
Recommendations:
For Apple Safari versions prior to 4.0, update to version 4.0 or later.
For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1.
For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.