Latest News

Telstra-led consortium to build out NSW's digital twin

Victoria embarks on govt cyber security uplift

UK seeks to break down digital trade barriers

India antitrust probe finds Google abused Android dominance

Why educators should partner rather than compete with EdTech

Safari exploit published

By Darren Pauli on Sep 5, 2013 3:24AM

Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

An exploit has surfaced that targets a patched vulnerability in Apple's Safari browser.

The WebKit JavaScript heap buffer overflow hole (CVE-2012-3748) was found by researcher Vitaliy Toropov and affected iOS version 6.0.1 and OS X Lion and Mountain Lion.

"The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects and subsequent arbitrary code execution, Toropov said in a post.

"[The JavaScriptCore JSArray::sort(...)] method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption."

Details of the exploit were published in a Packet Storm advisory.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

apple exploits safari security vulnerabilities web browsers

Partner Content

Why encryption is the key to digital fitness, according to Thales

Partner Content Why encryption is the key to digital fitness, according to Thales

Rethinking security and access for hybrid work

Partner Content Rethinking security and access for hybrid work

Setting a digital trajectory for Victoria's courts system

Partner Content Setting a digital trajectory for Victoria's courts system

New report reveals opportunities to address weak security in APAC organisations

Promoted Content New report reveals opportunities to address weak security in APAC organisations

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Future of work: Support your distributed HR workforce with digital document processes

Future of work: Support your distributed HR workforce with digital document processes

Develop a resiliency strategy that integrates risk analysis & continuity management

Develop a resiliency strategy that integrates risk analysis & continuity management

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

Optimise your operations with APM and AI-Powered insights

Optimise your operations with APM and AI-Powered insights

Events

Nutanix .NEXT Conference

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics

NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans

Accenture wins contract for passenger declarations platform

Accenture wins contract for passenger declarations platform

Most popular tech stories