VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 11, 2011· Updated Apr 29, 2026

CVE-2011-0163

CVE-2011-0163

Description

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit in Safari <5.0.4 and iOS <4.3 mishandles cached resources, allowing remote attackers to cause denial of service via cache-poisoning.

Vulnerability

WebKit, as used in Apple Safari before version 5.0.4 and iOS before version 4.3, improperly handles unspecified "cached resources," making it susceptible to cache-poisoning attacks. The vulnerability resides in the caching mechanism of WebKit and can be triggered when a user visits a crafted web page. [1]

Exploitation

An attacker must host or inject a malicious web page that conducts a cache-poisoning attack. No additional privileges or special network position are required beyond serving the page to the victim. The attack likely involves manipulating cached responses to cause future requests for the same resource to return incorrect or malicious content, leading to resource unavailability.

Impact

Successful exploitation results in a denial of service condition, specifically resource unavailability. The attacker's crafted page causes the browser or WebKit engine to serve incorrect cached resources, potentially breaking functionality of other web pages that rely on those resources. The scope is limited to the user's browsing session and does not grant code execution or data exfiltration.

Mitigation

The issue is addressed in Apple Safari 5.0.4 and iOS 4.3, which were released in March 2011. Users should update to these versions or later. No workarounds are documented in the available references. [1]

References
  1. About the security content of iOS 4.3 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

98
  • Apple Inc./Safari65 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 64 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=5.0.3
    • cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*
    • (no CPE)range: <5.0.4
  • Apple Inc./Webkit2 versions
    cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
    • (no CPE)
  • Apple Inc./Iphone Os30 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=4.2
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <4.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.