Release date:
Updated on:
Affected Systems:
Apple Safari 4.x
Apple iTunes & lt; 10.1
WebKit Open Source Project WebKit r77705
WebKit Open Source Project WebKit r52833
WebKit Open Source Project WebKit r52401
WebKit Open Source Project WebKit r52401
WebKit Open Source Project WebKit r38566
WebKit Open Source Project WebKit 1.2.X
Apple iOS <= 4.2.1
Unaffected system:
Apple Safari 5.0.4 for Windows
Apple Safari 5.0.4
Apple iTunes 1, 10.2
Apple iOS 4.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46745
Cve id: CVE-2011-0154
WebKit is an open-source Web browser engine and is currently used by browsers such as Safari and Chrome.
WebKit has a memory corruption vulnerability. Attackers can exploit this vulnerability to crash affected applications or cause DOS.
The library has a vulnerability in implementing the. sort function of arrays. The implementation of the library trust feature method can be used to operate non-library elements during execution. This can cause arbitrary code execution in the application.
<* Link: http://www.zerodayinitiative.com/advisories/ZDI-11-101/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.apple.com