Unrated severity · NVD Advisory · Published Jun 18, 2010 · Updated Apr 29, 2026

CVE-2010-1387

Description

Use-after-free in WebKit's JavaScriptCore allows remote code execution via crafted page transitions on Apple iTunes (Windows) and iOS before 4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A use-after-free vulnerability exists in JavaScriptCore, the JavaScript engine of WebKit, as used in Apple iTunes before version 9.2 on Windows and Apple iOS before version 4 on iPhone and iPod touch [1][3]. The bug is triggered during page transitions, where an object is freed but later accessed, leading to memory corruption. This CVE (CVE-2010-1387) is distinct from related issues CVE-2010-1763 and CVE-2010-1769 [1].

Exploitation

An attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted web page that triggers the use-after-free condition during navigation [3]. The attacker needs no special network position beyond serving the page, and no authentication is required. The exploit occurs when the page transition sequence causes freed memory to be dereferenced, leading to code execution within the browser context.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on the affected system or cause a denial of service (application crash) [1][3]. The attacker gains the same privileges as the user running the application, potentially leading to full system compromise if the user has administrative rights. All CIA triad aspects (confidentiality, integrity, availability) may be compromised.

Mitigation

Apple has addressed this vulnerability by releasing iTunes 9.2 for Windows and iOS 4 for iPhone and iPod touch [1][3]. Users should update to these versions or later. No workaround is available, as the fix requires updating the software. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

84
  • Apple Inc./iTunes (59 versions)
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* + 58 more
    • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* range: <=9.0.3
    • cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*
    • (no CPE) range: <9.2
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* + 23 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* range: <=3.2.1
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
  • Apple Inc./iOS (llm-fuzzy)
    Range: <4
