VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)

VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability CVE-2011-1344 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser,...

About the security content of Safari 5.0.5

About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...

Apple iTunes < 10.2.2 Multiple (credentialed check)

The version of Apple iTunes installed on the remote Windows host is older than 10.2.2. As such, it is potentially affected by several issues : - An integer overflow issue in the handling of nodesets could lead to a crash or arbitrary code execution. CVE-2011-1290 - A use after free issue in the...

Apple iTunes < 10.2.2 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes on the remote host is prior to version 10.2.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component : - An integer overflow vulnerability exists in the handling of nodesets that can be exploited by a remote attacker to execute arbitrary code...

CVE-2011-1344

CVE-2011-1344 is a use-after-free vulnerability in WebKit that enables remote code execution via crafted DOM manipulation (adding then removing a WBR tag), as demonstrated during Pwn2Own. Affected products include Apple Safari prior to 5.0.5 and iOS prior to 4.3.2 (iPhone, iPod, iPad) and iOS pri...