CVE-2011-1344
CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2011//Apr/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2011//Apr/msg00002.htmlhttp://secunia.com/advisories/44151http://secunia.com/advisories/44154https://exchange.xforce.ibmcloud.com/vulnerabilities/66061http://support.apple.com/kb/HT4596http://support.apple.com/kb/HT4607http://twitter.com/aaronportnoy/statuses/45632544967901187http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Ownhttp://www.securityfocus.com/archive/1/517505/100/0/threaded