Safari exploit published

By

Affects iOS 6.0.1, and OS X 10.7, 10.8.

An exploit has surfaced that targets a patched vulnerability in Apple's Safari browser.

Safari exploit published

The WebKit JavaScript heap buffer overflow hole (CVE-2012-3748) was found by researcher Vitaliy Toropov and affected iOS version 6.0.1 and OS X Lion and Mountain Lion.

"The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects and subsequent arbitrary code execution, Toropov said in a post.

"[The JavaScriptCore JSArray::sort(...)] method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption."

Details of the exploit were published in a Packet Storm advisory.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?