CVE-2011-0154

Name of the Vulnerable Software and Affected Versions WebKit, as used in Apple iTunes versions prior to 10.2 on Windows WebKit, as used in Apple iOS (affected versions not specified)

Description The issue is related to the improper implementation of the sort function for JavaScript arrays in WebKit. This can be exploited by man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash. The attack vectors are related to iTunes Store browsing.

Recommendations For Apple iTunes versions prior to 10.2 on Windows: Update to version 10.2 or later to resolve the issue. For Apple iOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability.