Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1119: Use After Free in Apple Safari

Severity: 10.0 CRITICAL (NVD)
EPSS: 45.8% (top 2.37%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 25, latest update May 2

Description

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

NVD: apple/safari 4.0.5 (+56)
NVD: apple/iphone_os 13 versions (+12)
NVD: apple/mac_os_x 11 versions (+10)
NVD: apple/mac_os_x_server 14 versions (+13)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-mx95-xphp-56vx: Use-after-free vulnerability in WebKit in Apple Safari before 5 (2022-05-02)
CVEList
CVE-2010-1119: Use-after-free vulnerability in WebKit in Apple Safari before 5 (2010-03-25)

💥 Exploits & PoCs (1)

Exploit-DB
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free (2011-03-14)

🔍 Detection Rules (1)

Suricata
ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt (2011-03-16)

📋 Vendor Advisories (1)

Red Hat
WebKit: use-after-free vulnerability in handling of attribute manipulation (2010-06-07)

💬 Community (1)

Bugzilla
CVE-2010-1119 WebKit: use-after-free vulnerability in handling of attribute manipulation (2010-05-26)