CVE-2009-1687
Description
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WebKit JavaScript garbage collector mishandles allocation failures, allowing remote attackers to execute arbitrary code or crash the browser via a crafted HTML document.
Vulnerability
The JavaScript garbage collector in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1, does not properly handle memory allocation failures. When an allocation fails, the collector proceeds as if it had succeeded, which leads to a write at a small offset from a NULL pointer and hence to memory corruption. The same WebKit flaw is present in the QtWebKit and KDE-Libs packages shipped by Ubuntu [3][4]. Affected versions include Safari prior to 4.0, iOS prior to 3.0, and the corresponding Qt/KDE packages.
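As an added illustration of the bug class the description names (this is example code, not WebKit source and not taken from this CVE's references), the C below contrasts an allocation whose result is used without a check with a checked, collect-then-retry form of the kind a collector should use. The Cell layout, block_alloc, the g_simulate_oom switch and the reclaim_space callback are all constructed for the example; the "offset of a NULL pointer" is simply offsetof(Cell, mark) here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Heap cell of a toy collector (constructed for this example). */
typedef struct Cell {
    uint8_t  header[16];   /* keeps the mark field at a non-zero offset */
    uint32_t mark;         /* GC mark word, written right after allocation */
    uint32_t in_use;
    void    *payload;
} Cell;

/* Constructed allocator with a switch that stands in for heap exhaustion. */
static int g_simulate_oom = 0;
static void *block_alloc(size_t n) { return g_simulate_oom ? NULL : calloc(1, n); }

/* Vulnerable pattern: the allocation result is used without a check. Under
 * exhaustion block_alloc() returns NULL and `cell->mark = 0` stores to the
 * address offsetof(Cell, mark), i.e. an offset of a NULL pointer. Calling
 * this while g_simulate_oom is set faults; it is shown only for contrast. */
Cell *allocate_cell_unchecked(void) {
    Cell *cell = block_alloc(sizeof *cell);
    cell->mark = 0;
    cell->in_use = 1;
    return cell;
}

/* The address the unchecked write would hit on failure, computed without a
 * dereference so it is always safe to call. */
uintptr_t unchecked_fault_address(void) { return (uintptr_t)offsetof(Cell, mark); }

/* Hardened pattern: failure is reported to the caller and nothing is written
 * through the result on the failure path. *out is NULL on failure. */
int allocate_cell_checked(Cell **out) {
    *out = NULL;
    Cell *cell = block_alloc(sizeof *cell);
    if (cell == NULL) return -1;      /* propagate instead of dereferencing */
    cell->mark = 0;
    cell->in_use = 1;
    *out = cell;
    return 0;
}

/* What a collector should do on allocation failure: reclaim garbage, retry
 * once, and otherwise surface an out-of-memory error to the caller. The
 * collect callback stands in for a real mark-and-sweep pass. */
int gc_allocate(Cell **out, void (*collect)(void)) {
    if (allocate_cell_checked(out) == 0) return 0;
    collect();
    if (allocate_cell_checked(out) == 0) return 0;
    return -1;                        /* an OOM error, never a write through NULL */
}

/* Constructed collection callbacks: one that frees space (clears the OOM
 * switch) and one that cannot, so the caller sees the failure path. */
static int g_collections = 0;
static void reclaim_space(void) { g_collections++; g_simulate_oom = 0; }
static void reclaim_nothing(void) { g_collections++; }

int main(void) {
    Cell *cell = NULL;
    g_simulate_oom = 1;
    printf("checked alloc under OOM -> %d (cell=%p)\n", allocate_cell_checked(&cell), (void *)cell);
    printf("unchecked alloc would write at address %#lx\n", (unsigned long)unchecked_fault_address());
    printf("gc_allocate with reclaim -> %d\n", gc_allocate(&cell, reclaim_space));
    free(cell);
    return 0;
}
```

The checked form is the whole mitigation: every allocation inside a collector is a point where the heap may be exhausted, and a NULL result must turn into a collection, a retry, or an error raised to script, never into a store through the returned pointer.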
Exploitation
An attacker can exploit this vulnerability by crafting a malicious HTML document that triggers allocation failures in the JavaScript garbage collector. The user must visit the crafted page using an affected browser. No additional authentication or network position beyond serving the page is required. The attacker does not need to interact further once the page is loaded.
Impact
Successful exploitation allows remote code execution with the privileges of the user running the browser, or a denial of service (application crash). The attacker can potentially execute arbitrary code on the victim's system, leading to full compromise of the browser's security context.
Mitigation
Apple addressed this issue in Safari 4.0 [1] and iOS 3.0 [2]. Ubuntu released updates for QtWebKit (USN-857-1) [3] and KDE-Libs (USN-822-1) [4]. Users should update to the latest versions. No workarounds are documented; applying the vendor patches is the recommended mitigation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:* (range: <=4.0_beta)
- cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:* (range: <=3.2.3)
- (no CPE) range: <4.0
- (no CPE) range: 1.0 - 2.2.1 (iPhone OS, per the description)
- (no CPE) range: 1.1 - 2.2.1 (iPhone OS for iPod touch, per the description)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- securitytracker.com/id (nvd; Patch)
- www.vupen.com/english/advisories/2009/1522 (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/35260 (nvd; Exploit)
- lists.apple.com/archives/security-announce/2009/jun/msg00002.html (nvd; Vendor Advisory)
- secunia.com/advisories/35379 (nvd; Vendor Advisory)
- support.apple.com/kb/HT3613 (nvd; Vendor Advisory)
- lists.apple.com/archives/security-announce/2009/Jun/msg00005.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (nvd)
- osvdb.org/54985 (nvd)
- secunia.com/advisories/36057 (nvd)
- secunia.com/advisories/36062 (nvd)
- secunia.com/advisories/36790 (nvd)
- secunia.com/advisories/37746 (nvd)
- secunia.com/advisories/43068 (nvd)
- support.apple.com/kb/HT3639 (nvd)
- www.debian.org/security/2009/dsa-1950 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/35309 (nvd)
- www.ubuntu.com/usn/USN-822-1 (nvd)
- www.ubuntu.com/usn/USN-836-1 (nvd)
- www.ubuntu.com/usn/USN-857-1 (nvd)
- www.vupen.com/english/advisories/2009/1621 (nvd)
- www.vupen.com/english/advisories/2011/0212 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260 (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html (nvd)
News mentions
No linked articles in our index yet.