CVE-2010-1387 — Use After Free in Apple Iphone OS

CWE-399 CWE-416 — Use After Free8 documents4 sources

Severity

10.0CRITICALNVD

NVD9.3

EPSS

8.5%

top 7.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Itunes

Timeline

PublishedJun 18

Latest updateMay 17

Description

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/itunes9.0.3+62

▶NVDapple/iphone_os3.2.1+23

🔴Vulnerability Details

GHSA

GHSA-59px-m78w-3rc3: Unspecified vulnerability in WebKit in Apple iTunes before 9↗2022-05-17

▶

GHSA

GHSA-hpch-jc47-w6qm: WebKit in Apple iTunes before 9↗2022-05-17

▶

GHSA

GHSA-3jqw-5j52-c5fj: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9↗2022-05-02

▶

📋Vendor Advisories

Red Hat

WebKit: use-after-free vulnerability in JavaScriptCore during page transitions↗2010-06-07

▶

💬Community

Bugzilla

CVE-2010-1387 WebKit: use-after-free vulnerability in JavaScriptCore during page transitions↗2010-05-26

▶