CVE-2009-1680 : Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 thr

Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

Published 2009-06-19 16:30:00

Updated 2022-08-09 13:48:59

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2009-1680

Apple » Ipod Touch
cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.2
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.1
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.2
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.1
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.2
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.1
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.5
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.1
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.4
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.3
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.2.1
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.0
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.2
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.1.1
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.0
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.0
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1680

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1680

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-1680

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1680

http://www.securityfocus.com/bid/35448
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1621

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.securityfocus.com/bid/35414

CVEs referencing this url
http://support.apple.com/kb/HT3639

About the security content of iOS 3.0 Software Update - Apple Support
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-1680

Products affected by CVE-2009-1680

Exploit prediction scoring system (EPSS) score for CVE-2009-1680

CVSS scores for CVE-2009-1680

CWE ids for CVE-2009-1680

References for CVE-2009-1680