Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2012-3748

Status Candidate

Overview

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

Related Files

Apple Security Advisory 2013-09-12-2
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-2 - Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore's JSArray::sort() method. These issues were addressed through additional bounds checking.

tags | advisory
systems | apple
advisories | CVE-2012-3748, CVE-2013-0997
MD5 | c74c81e084722951027412b281dbdca5
Packet Storm Advisory 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
MD5 | 84be806acc044302df636242b657b7ce
Packet Storm Exploit 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
MD5 | 787a49feec5e44d9cffe71f5e9015a71
Apple Security Advisory 2013-05-16-1
Posted May 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-05-16-1 - iTunes 11.0.3 is now available and addresses multiple vulnerabilities. In versions prior to 11.0.3, an attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information and a man-in-the-middle attack is possible while browsing the iTunes Store via iTunes and may lead to an unexpected application termination or arbitrary code execution.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2013-1014, CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998
MD5 | e8d1491d9530efc4d927e586d5482f7e
Apple Security Advisory 2012-11-29-1
Posted Nov 30, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2012-3749, CVE-2012-3748
MD5 | f7ab96621e126a3cafec299fec4f014e
Apple Security Advisory 2012-11-01-2
Posted Nov 2, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-11-01-2 - Safari 6.0.2 is now available and addresses multiple arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2012-3748, CVE-2012-5112
MD5 | 7f99fcbc7fe227f0fd799bc903faf8be
Apple Security Advisory 2012-11-01-1
Posted Nov 2, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-11-01-1 - iOS 6.0.1 is now available and addresses an information disclosure issue, a Passbook bypass, an arbitrary code execution vulnerability, and more.

tags | advisory, arbitrary, code execution, info disclosure
systems | apple
advisories | CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112
MD5 | fe179f5ed734824c5ef1a51bc1936610
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    22 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close