CVE-2009-1702

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. This enables attackers to execute malicious scripts on affected devices.

Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.