Credit:
The information has been provided by Matthieu Bonetti.
The original article can be found at: http://seclists.org/bugtraq/2011/Apr/160
Vulnerable Systems:
* Apple Safari version 5.0.4 and prior for Windows
* Apple Safari version 5.0.4 and prior for Mac OS X
* Apple iOS versions 3.0 through 4.3.1 for iPhone 3GS and later
* Apple iOS versions 3.1 through 4.3.1 for iPod touch (3rd generation) and later
* Apple iOS versions 3.2 through 4.3.1 for iPad
* Apple iOS versions 4.2.5 through 4.2.6 for iPhone 4 (CDMA)
Immune Systems:
* Apple Safari version 5.0.5 for Windows
* Apple Safari version 5.0.5 for Mac OS X
* Apple iOS version 4.3.2 for iPhone
* Apple iOS version 4.3.2 for iPod
* Apple iOS version 4.3.2 for iPad
* Apple iOS version 4.2.7 for iPhone 4 (CDMA)
The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
CVE Information:
CVE-2011-1344
Disclosure Timeline:
2011-02-26 - Vulnerability Discovered
2011-04-14 - Apple updates available