CVE-2017-7064

MEDIUM

Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7064. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in WebKit's JSC (CVE-2017-7064) where uninitialized memory from an 'ArrayWithUndecided' type array is copied into another array during concatenation, potentially leading to information leakage or further exploitation.

Description

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/42375

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in WebKit's JSC (CVE-2017-7064) where uninitialized memory from an 'ArrayWithUndecided' type array is copied into another array during concatenation, potentially leading to information leakage or further exploitation.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WebKit JavaScriptCore (JSC)

No auth needed

Prerequisites: Target must be using a vulnerable version of WebKit JSC

MITRE ATT&CK