CVE-2010-1769
Description
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WebKit in Apple iTunes before 9.2 on Windows and iOS before 4 on iPhone/iPod touch accesses out-of-bounds memory via crafted HTML tables, allowing arbitrary code execution.
Vulnerability
This vulnerability resides in the WebKit rendering engine used by Apple iTunes before 9.2 on Windows and Apple iOS before 4 on iPhone and iPod touch. The issue is an out-of-bounds memory access that occurs when the engine handles HTML tables. A remote attacker can trigger this by persuading a user to view a specially crafted HTML document. Affected versions include iTunes prior to 9.2 on Windows and iOS prior to version 4. [1], [2]
Exploitation
An attacker needs no authentication and no special network position beyond serving a malicious HTML document to the target user. The user must open the document in the affected WebKit-based application either directly or via a web page. The out-of-bounds memory access is triggered automatically when the document is rendered; no further user interaction is required after the page loads. The attacker does not need any local system access prior to the attack. [1], [2]
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the application (iTunes on Windows or Safari/iOS apps on the iPhone/iPod touch). Alternatively, the attacker may cause a denial of service in the form of an application crash. The impact is a complete compromise of confidentiality, integrity, and availability of data accessible to the application. [1], [2]
Mitigation
Apple released fixes for this issue in iTunes 9.2 (for Windows) and iOS 4 (for iPhone and iPod touch). Users should upgrade to these versions or later. No workarounds are documented; the only mitigation is to install the vendor-supplied updates. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1], [2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
48cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*+ 46 more
- cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.0.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.3.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4.3:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.4:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.5:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6.2:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.6:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.7.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:7.7:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.0.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.0.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.1.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.2.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:8.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.0.3:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:9.1:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*range: <=9.1.1
- (no CPE)range: <9.2 on Windows
- Range: <4 on iPhone and iPod touch
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.apple.com/archives/security-announce/2010//Jun/msg00002.htmlnvd
- lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
- secunia.com/advisories/40196nvd
- secunia.com/advisories/43068nvd
- securitytracker.com/idnvd
- support.apple.com/kb/HT4220nvd
- support.apple.com/kb/HT4225nvd
- www.securityfocus.com/bid/41016nvd
- www.vupen.com/english/advisories/2010/1512nvd
- www.vupen.com/english/advisories/2011/0212nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/59508nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7178nvd
News mentions
0No linked articles in our index yet.