PT-2012-4988 · Apple · Safari+2

Daan Keuper

Publicado

2012-11-03

Atualizado

2013-09-18

CVE-2012-3748

CVSS v2.0

5.1

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 6.0.1 Apple Safari versions prior to 6.0.2

Description A race condition in WebKit allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving JavaScript arrays. This issue was demonstrated at Mobile Pwn2Own, showcasing a remote code execution vulnerability in Apple Safari.

Recommendations For Apple iOS versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. For Apple Safari versions prior to 6.0.2, update to version 6.0.2 or later to resolve the issue.

Exploit

Correção

DoS

RCE

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2012-3748

ZDI-13-009

Produtos afetados

Safari

Ios

Itunes

PT-2012-4988 · Apple · Safari+2

CVE-2012-3748

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18