CVE-2011-0158
Description
MobileSafari in iOS before 4.3 mishandles URL handlers, allowing crafted JavaScript to persistently crash the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MobileSafari in iOS before 4.3 mishandles URL handlers, allowing crafted JavaScript to persistently crash the application.
Vulnerability
MobileSafari in Apple iOS versions prior to 4.3 does not properly implement application launching through URL handlers. This allows a remote attacker to cause a denial of service (persistent application crash) by sending crafted JavaScript code. The vulnerability affects iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, and iOS 3.2 through 4.2.1 for iPad [1].
Exploitation
An attacker can exploit this vulnerability by luring a user to visit a malicious web page containing specially crafted JavaScript. The JavaScript triggers a URL handler in a way that causes MobileSafari to crash persistently. No authentication or special network position is required beyond the ability to serve a web page to the victim.
Impact
Successful exploitation results in a persistent denial of service: MobileSafari crashes repeatedly, preventing normal use of the browser. The crash persists even after restarting the application, requiring a system restart or other intervention to recover. No data theft or code execution is reported.
Mitigation
Apple addressed this issue in iOS 4.3, released on March 9, 2011 [1]. Users should update their devices to iOS 4.3 or later via iTunes. No workaround is available for earlier versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
31cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=4.2
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- Range: <4.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.