CVE-2012-3748

Safari < 6.0.1 - Remote Code Execution via JavaScript Array Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3748. PoCs published by Vitaliy Toropov.

AI-analyzed exploit summary This advisory describes a heap buffer overflow vulnerability in Apple Safari's WebKit JavaScriptCore JSArray::sort method, which can lead to memory corruption and arbitrary code execution. The exploit details are referenced but not directly included in the provided text.

Description

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

Exploits (1)

exploitdb WRITEUP

by Vitaliy Toropov · textremoteios

https://www.exploit-db.com/exploits/28081

View Code ZIP pw:eip

This advisory describes a heap buffer overflow vulnerability in Apple Safari's WebKit JavaScriptCore JSArray::sort method, which can lead to memory corruption and arbitrary code execution. The exploit details are referenced but not directly included in the provided text.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8

No auth needed

Prerequisites: Target must be running a vulnerable version of Apple Safari

MITRE ATT&CK