An exploit has surfaced that targets a patched vulnerability in Apple's Safari browser.
The WebKit JavaScript heap buffer overflow hole (CVE-2012-3748) was found by researcher Vitaliy Toropov and affected iOS version 6.0.1 and OS X Lion and Mountain Lion.
"The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects and subsequent arbitrary code execution, Toropov said in a post.
"[The JavaScriptCore JSArray::sort(...)] method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption."
Details of the exploit were published in a Packet Storm advisory.
