CVE-2011-1344
Published: Mar 10, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 44151 | third-party-advisory, x_refsource_SECUNIA |
| 20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) | mailing-list, x_refsource_BUGTRAQ |
| http://twitter.com/aaronportnoy/statuses/45632544967901187 | x_refsource_MISC |
| 46822 | vdb-entry, x_refsource_BID |
| http://support.apple.com/kb/HT4596 | x_refsource_CONFIRM |
| APPLE-SA-2011-04-14-3 | vendor-advisory, x_refsource_APPLE |
| 1025363 | vdb-entry, x_refsource_SECTRACK |
| APPLE-SA-2011-04-14-2 | vendor-advisory, x_refsource_APPLE |
| http://www.zerodayinitiative.com/advisories/ZDI-11-135 | x_refsource_MISC |
| ADV-2011-0984 | vdb-entry, x_refsource_VUPEN |
| http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 | x_refsource_MISC |
| 20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability | mailing-list, x_refsource_BUGTRAQ |
| http://support.apple.com/kb/HT4607 | x_refsource_CONFIRM |
| safari-webkit-unspec-code-exec(66061) | vdb-entry, x_refsource_XF |
| APPLE-SA-2011-04-14-1 | vendor-advisory, x_refsource_APPLE |
| 44154 | third-party-advisory, x_refsource_SECUNIA |