VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 11, 2011· Updated Apr 29, 2026

CVE-2011-0161

CVE-2011-0161

Description

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit in Safari before 5.0.4 and iOS before 4.3 allows SOP bypass and CSS injection via crafted site.

Vulnerability

CVE-2011-0161 is a security issue in WebKit, as used in Apple Safari versions before 5.0.4 and iOS versions before 4.3. The vulnerability exists in the handling of the Attr.style accessor. Under certain conditions, a remote attacker can bypass the Same Origin Policy (SOP) and inject Cascading Style Sheets token sequences. [1]

Exploitation

An attacker can exploit this vulnerability by hosting a crafted website that triggers the improper handling of the Attr.style accessor. The user must visit this website using a vulnerable version of Safari or iOS. No additional authentication or user interaction beyond visiting the site is required.

Impact

Successful exploitation allows the attacker to bypass the Same Origin Policy, which typically prevents a website from accessing data from another origin. Additionally, the attacker can inject CSS token sequences, potentially leading to information disclosure or other cross-origin attacks.

Mitigation

Apple addressed this issue by releasing Safari 5.0.4 and iOS 4.3. Users should update to these or later versions. There is no known workaround for this vulnerability besides applying the update. [1]

References
  1. About the security content of iOS 4.3 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

97
  • Apple Inc./Safari65 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 64 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=5.0.3
    • cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*
    • (no CPE)range: <5.0.4
  • Apple Inc./Webkit
    cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
  • Apple Inc./Iphone Os30 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=4.2
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <4.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.