Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

An exploit has surfaced that targets a patched vulnerability in Apple's Safari browser.

The WebKit JavaScript heap buffer overflow hole (CVE-2012-3748) was found by researcher Vitaliy Toropov and affected iOS version 6.0.1 and OS X Lion and Mountain Lion.

"The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects and subsequent arbitrary code execution, Toropov said in a post.

"[The JavaScriptCore JSArray::sort(...)] method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption."

Details of the exploit were published in a Packet Storm advisory.

Anthropic releases Mythos-class model for public use

Stockland builds AI assistant as a bridge into SAP

Perth Airport to deploy 70 IT, OT systems for new terminal

In Pictures: iTnews Cloud Covered Breakfast Summit - Sydney

Apple bumps up security in fresh operating system releases

Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Defence says Palantir is "sandboxed" in its environment

Services Australia describes fraud, debt-related machine learning use cases

Researchers build self-replicating AI worm with BYO LLM

Most popular tech stories

Treasury Wine Estates to go big on digital, data and AI

ABC drops Salesforce for Braze

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

Virgin Australia, Wesfarmers strike OpenAI agreements

Suncorp creates a "clear execution roadmap" for agentic AI

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Govt launches consumer tech label program for smart devices

Anthropic releases Mythos-class model for public use

Stockland builds AI assistant as a bridge into SAP

Perth Airport to deploy 70 IT, OT systems for new terminal

In Pictures: iTnews Cloud Covered Breakfast Summit - Sydney

Apple bumps up security in fresh operating system releases

Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

Add iTnews as your trusted source

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Defence says Palantir is "sandboxed" in its environment

Services Australia describes fraud, debt-related machine learning use cases

Researchers build self-replicating AI worm with BYO LLM

Most popular tech stories

Treasury Wine Estates to go big on digital, data and AI

ABC drops Salesforce for Braze

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

Virgin Australia, Wesfarmers strike OpenAI agreements

Suncorp creates a "clear execution roadmap" for agentic AI

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Govt launches consumer tech label program for smart devices

Log In