Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2011-0154 to a friend New vulnerability? New tool? Tell us	CVE-2011-0154 Apple iPhone Webkit Library Javascript Array sort Method Code Execution Vulnerability     Credit: The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-101/ Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2011-0154 Details Check for CVE-2011-0154 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Apple Webkit User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the library implements the .sort function for an array. The library will trust the implementation of a particular method which when executed can be used to manipulate elements out from underneath it. This can lead to code execution under the context of the application. Patch Availability: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4554 CVE Information: CVE-2011-0154 Disclosure Timeline: 2010-09-29 - Vulnerability reported to vendor 2011-03-02 - Coordinated public release of advisory  Comments on CVE-2011-0154:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2017 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®