Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

An exploit has surfaced that targets a patched vulnerability in Apple's Safari browser.

The WebKit JavaScript heap buffer overflow hole (CVE-2012-3748) was found by researcher Vitaliy Toropov and affected iOS version 6.0.1 and OS X Lion and Mountain Lion.

"The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects and subsequent arbitrary code execution, Toropov said in a post.

"[The JavaScriptCore JSArray::sort(...)] method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption."

Details of the exploit were published in a Packet Storm advisory.

M365 portal buckling as demand for Copilot refunds soar

DVA trials ChatGPT-based tool with 300 staff

Microsoft launches 'superintelligence' team

In pictures: The 2025 iTnews Benchmark Security Awards winners

NAB hits milestone with tech role insourcing

Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

The BoM has finally tamed SSL

Tasmanian gov agencies impacted by cyber attack

Australian chief at US defence contractor L3Harris sold exploits to Russia

Vic gov agencies flying blind on server security, audit finds

Most popular tech stories

ABC drops Salesforce for Braze

Westpac Intelligence Layer breaks cover

Suncorp creates a "clear execution roadmap" for agentic AI

Qantas' digital and customer head steps down

Uniting uses GenAI to cut admin burden for frontline care workers

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

We look back at moments in IoT that were important in Australia

'Touch-free' smartphone controlled with head movements

M365 portal buckling as demand for Copilot refunds soar

DVA trials ChatGPT-based tool with 300 staff

Microsoft launches 'superintelligence' team

In pictures: The 2025 iTnews Benchmark Security Awards winners

NAB hits milestone with tech role insourcing

Safari exploit published

Affects iOS 6.0.1, and OS X 10.7, 10.8.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

The BoM has finally tamed SSL

Tasmanian gov agencies impacted by cyber attack

Australian chief at US defence contractor L3Harris sold exploits to Russia

Vic gov agencies flying blind on server security, audit finds

Most popular tech stories

ABC drops Salesforce for Braze

Westpac Intelligence Layer breaks cover

Suncorp creates a "clear execution roadmap" for agentic AI

Qantas' digital and customer head steps down

Uniting uses GenAI to cut admin burden for frontline care workers

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

We look back at moments in IoT that were important in Australia

'Touch-free' smartphone controlled with head movements

Log In