CVE-2011-1344
Summary
| CVE | CVE-2011-1344 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-03-10 20:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Apple | Ipad | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Iphone Os | 1.0.0 | All | All | All |
| Operating System | Apple | Iphone Os | 1.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 1.0.2 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.0 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.1 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.2 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.3 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.4 | All | All | All |
| Operating System | Apple | Iphone Os | 1.1.5 | All | All | All |
| Operating System | Apple | Iphone Os | 2.0 | All | All | All |
| Operating System | Apple | Iphone Os | 2.0.0 | All | All | All |
| Operating System | Apple | Iphone Os | 2.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 2.0.2 | All | All | All |
| Operating System | Apple | Iphone Os | 2.1 | All | All | All |
| Operating System | Apple | Iphone Os | 2.1.1 | All | All | All |
| Operating System | Apple | Iphone Os | 2.2 | All | All | All |
| Operating System | Apple | Iphone Os | 2.2.1 | All | All | All |
| Operating System | Apple | Iphone Os | 3.0 | All | All | All |
| Operating System | Apple | Iphone Os | 3.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 3.1 | All | All | All |
| Operating System | Apple | Iphone Os | 3.1.2 | All | All | All |
| Operating System | Apple | Iphone Os | 3.1.3 | All | All | All |
| Operating System | Apple | Iphone Os | 3.2 | All | All | All |
| Operating System | Apple | Iphone Os | 3.2.1 | All | All | All |
| Operating System | Apple | Iphone Os | 4.0 | All | All | All |
| Operating System | Apple | Iphone Os | 4.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 4.0.2 | All | All | All |
| Operating System | Apple | Iphone Os | 4.1 | All | All | All |
| Operating System | Apple | Iphone Os | 4.2 | All | All | All |
| Operating System | Apple | Iphone Os | 4.2.1 | All | All | All |
| Operating System | Apple | Iphone Os | 4.2.5 | All | All | All |
| Operating System | Apple | Iphone Os | 4.2.8 | All | All | All |
| Operating System | Apple | Iphone Os | 4.3.0 | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Hardware | Apple | Ipod Touch | All | All | All | All |
| Application | Apple | Safari | 1.0 | All | All | All |
| Application | Apple | Safari | 1.0 | beta | All | All |
| Application | Apple | Safari | 1.0 | beta2 | All | All |
| Application | Apple | Safari | 1.0.0 | All | All | All |
| Application | Apple | Safari | 1.0.0b1 | All | All | All |
| Application | Apple | Safari | 1.0.0b2 | All | All | All |
| Application | Apple | Safari | 1.0.1 | All | All | All |
| Application | Apple | Safari | 1.0.2 | All | All | All |
| Application | Apple | Safari | 1.0.3 | All | All | All |
| Application | Apple | Safari | 1.0.3 | 85.8 | All | All |
| Application | Apple | Safari | 1.0.3 | 85.8.1 | All | All |
| Application | Apple | Safari | 1.1 | All | All | All |
| Application | Apple | Safari | 1.1.0 | All | All | All |
| Application | Apple | Safari | 1.1.1 | All | All | All |
| Application | Apple | Safari | 1.2 | All | All | All |
| Application | Apple | Safari | 1.2.0 | All | All | All |
| Application | Apple | Safari | 1.2.1 | All | All | All |
| Application | Apple | Safari | 1.2.2 | All | All | All |
| Application | Apple | Safari | 1.2.3 | All | All | All |
| Application | Apple | Safari | 1.2.4 | All | All | All |
| Application | Apple | Safari | 1.2.5 | All | All | All |
| Application | Apple | Safari | 1.3 | All | All | All |
| Application | Apple | Safari | 1.3.0 | All | All | All |
| Application | Apple | Safari | 1.3.1 | All | All | All |
| Application | Apple | Safari | 1.3.2 | All | All | All |
| Application | Apple | Safari | 1.3.2 | 312.5 | All | All |
| Application | Apple | Safari | 1.3.2 | 312.6 | All | All |
| Application | Apple | Safari | 2 | All | All | All |
| Application | Apple | Safari | 2.0 | All | All | All |
| Application | Apple | Safari | 2.0.0 | All | All | All |
| Application | Apple | Safari | 2.0.1 | All | All | All |
| Application | Apple | Safari | 2.0.2 | All | All | All |
| Application | Apple | Safari | 2.0.3 | All | All | All |
| Application | Apple | Safari | 2.0.3 | 417.8 | All | All |
| Application | Apple | Safari | 2.0.3 | 417.9 | All | All |
| Application | Apple | Safari | 2.0.3 | 417.9.2 | All | All |
| Application | Apple | Safari | 2.0.3 | 417.9.3 | All | All |
| Application | Apple | Safari | 2.0.4 | All | All | All |
| Application | Apple | Safari | 3 | All | All | All |
| Application | Apple | Safari | 3.0 | All | All | All |
| Application | Apple | Safari | 3.0.0 | All | All | All |
| Application | Apple | Safari | 3.0.0b | All | All | All |
| Application | Apple | Safari | 3.0.1 | All | All | All |
| Application | Apple | Safari | 3.0.1b | All | All | All |
| Application | Apple | Safari | 3.0.2 | All | All | All |
| Application | Apple | Safari | 3.0.2b | All | All | All |
| Application | Apple | Safari | 3.0.3 | All | All | All |
| Application | Apple | Safari | 3.0.3b | All | All | All |
| Application | Apple | Safari | 3.0.4 | All | All | All |
| Application | Apple | Safari | 3.0.4b | All | All | All |
| Application | Apple | Safari | 3.1.0 | All | All | All |
| Application | Apple | Safari | 3.1.0b | All | All | All |
| Application | Apple | Safari | 3.1.1 | All | All | All |
| Application | Apple | Safari | 3.1.2 | All | All | All |
| Application | Apple | Safari | 3.2.0 | All | All | All |
| Application | Apple | Safari | 3.2.1 | All | All | All |
| Application | Apple | Safari | 3.2.2 | All | All | All |
| Application | Apple | Safari | 4.0 | All | All | All |
| Application | Apple | Safari | 4.0 | beta | All | All |
| Application | Apple | Safari | 4.0.0b | All | All | All |
| Application | Apple | Safari | 4.0.1 | All | All | All |
| Application | Apple | Safari | 4.0.2 | All | All | All |
| Application | Apple | Safari | 4.0.3 | All | All | All |
| Application | Apple | Safari | 4.0.4 | All | All | All |
| Application | Apple | Safari | 4.0.5 | All | All | All |
| Application | Apple | Safari | 4.1 | All | All | All |
| Application | Apple | Safari | 4.1.1 | All | All | All |
| Application | Apple | Safari | 4.1.2 | All | All | All |
| Application | Apple | Safari | 5.0 | All | All | All |
| Application | Apple | Safari | 5.0.1 | All | All | All |
| Application | Apple | Safari | 5.0.2 | All | All | All |
| Application | Apple | Safari | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Apple Safari Two Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| About the security content of Safari 5.0.5 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| About the security content of iOS 4.2.7 Software Update for iPhone | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| WebKit WBR Tags Use-After-Free Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| APPLE-SA-2011-04-14-3 Safari 5.0.5 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Safari/MacBook first to fall at Pwn2Own 2011 | ZDNet | af854a3a-2127-422b-91ae-364da2661108 | www.zdnet.com | |
| JavaScript is not available. | af854a3a-2127-422b-91ae-364da2661108 | twitter.com | |
| Apple Safari Text Node Use-After-Free Lets Remote Users Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| APPLE-SA-2011-04-14-1 iOS 4.3.2 Software Update | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Apple iOS for iPhone 4 (CDMA) Multiple Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | www.zerodayinitiative.com | |
| Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro | af854a3a-2127-422b-91ae-364da2661108 | dvlabs.tippingpoint.com | |
| Safari, IE hacked first at Pwn2Own | Computerworld | af854a3a-2127-422b-91ae-364da2661108 | www.computerworld.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| APPLE-SA-2011-04-14-2 iOS 4.2.7 Software Update for iPhone | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.