CVE-2016-4622

HIGH

Safari < 9.1.2 - Remote Code Execution via Memory Corruption

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-4622. PoCs published by saelo, hdbreaker.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2016-4622, a vulnerability in JavaScriptCore (WebKit) that allows arbitrary memory read/write. The exploit leverages type confusion in array operations to achieve remote code execution.

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

Exploits (2)

nomisec WORKING POC 109 stars
by saelo · poc
https://github.com/saelo/jscpwn

This repository contains a functional exploit PoC for CVE-2016-4622, a vulnerability in JavaScriptCore (WebKit) that allows arbitrary memory read/write. The exploit leverages type confusion in array operations to achieve remote code execution.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WebKit JavaScriptCore (Safari, other WebKit-based browsers)
No auth needed
Prerequisites: Victim must visit a malicious webpage · WebKit-based browser with vulnerable JavaScriptCore
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 22 stars
by hdbreaker · poc
https://github.com/hdbreaker/WebKit-CVE-2016-4622

This repository contains functional exploit code demonstrating CVE-2016-4622, a memory disclosure vulnerability in WebKit's JavaScript Core engine. The exploit leverages a race condition in the Array.slice() implementation to leak adjacent memory contents.

Classification
Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WebKit JavaScript Core (JSC)
No auth needed
Prerequisites: WebKit JavaScript Core (JSC) environment · Ability to execute JavaScript code
devstral-2 · analyzed Feb 18, 2026

References (12)

Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-485
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91830
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206900
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036343
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539295/100/0/threaded
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-486
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206905
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206902
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html

Scores

CVSS v3: 8.8
EPSS: 0.1884
EPSS Percentile: 96.9%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (3)
apple/iphone_os < 9.3.3
apple/safari < 9.1.2
apple/tvos < 9.2.2
Published: Jul 22, 2016
Tracked Since: Feb 18, 2026