CVE-2011-1344

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 5.0.5 iOS versions prior to 4.3.2 for iPhone, iPod, and iPad iOS versions prior to 4.2.7 for iPhone 4 (CDMA)

Description The issue allows remote attackers to execute arbitrary code by exploiting a use-after-free vulnerability in WebKit. This can be achieved by adding children to a WBR tag and then removing the tag, related to text nodes. The vulnerability was demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

Recommendations For Apple Safari versions prior to 5.0.5, update to version 5.0.5 or later. For iOS versions prior to 4.3.2 for iPhone, iPod, and iPad, update to version 4.3.2 or later. For iOS versions prior to 4.2.7 for iPhone 4 (CDMA), update to version 4.2.7 or later. As a temporary workaround, consider restricting access to WebKit until a patch is available.