CVE-2009-1686

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1

Description: The issue arises from improper handling of constant declarations in a type-conversion operation during JavaScript exception handling. This can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted HTML document.

Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.