CVE-2011-1344Apple Iphone OS vulnerability

CWE-3993 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
5.3%
top 9.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Safari
Timeline
PublishedMar 10
Latest updateMay 14

Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDapple/iphone_os4.3.1+35
NVDapple/safari5.0.4+60

🔴Vulnerability Details

2
GHSA
GHSA-x46j-m9hq-6vwm: Use-after-free vulnerability in WebKit, as used in Apple Safari before 52022-05-14
OSV
CVE-2011-1344: Use-after-free vulnerability in WebKit, as used in Apple Safari before 52011-03-10