CVE-2008-2303

Safari on Apple iPhone and iPod touch before 2.0 - Remote Code Execution via JavaScript Array Index Mismanagement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2303. PoCs published by Hiromitsu Takagi.

AI-analyzed exploit summary This exploit leverages a signedness issue in Safari's JavaScript function arguments array to achieve arbitrary memory access, combined with heap spraying to execute arbitrary code. It targets a vulnerability in iPhone and iPod touch devices running versions 1.0 through 1.1.4.

Description

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hiromitsu Takagi · htmlremoteosx

https://www.exploit-db.com/exploits/32048

View Code ZIP pw:eip

This exploit leverages a signedness issue in Safari's JavaScript function arguments array to achieve arbitrary memory access, combined with heap spraying to execute arbitrary code. It targets a vulnerability in iPhone and iPod touch devices running versions 1.0 through 1.1.4.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Apple iPhone 1.0-1.1.4, iPod touch 1.1-1.1.4

No auth needed

Prerequisites: Victim must visit a malicious webpage using Safari on a vulnerable iPhone or iPod touch

MITRE ATT&CK