Patched Safari Bug under Attack

Wednesday, September 4, 2013 @ 05:09 PM gHale


There is a proof-of-concept available that exploits a known and patched heap buffer overflow vulnerability in Apple’s Safari browser.

The exploit affects Safari version 6.0.1 and possibly earlier versions as well for iOS 6 and OS X 10.7 and 10.8 (Lion and Mountain Lion respectively), said officials at Packet Storm.

Packet Storm acquired the details from independent security researcher Vitaliy Toropov through its bug bounty program.

The vulnerability is related to the “WebKit’s JavaScriptCore JSArray::sort(…) method.” This method, according to the posting on Packet Storm, accepts user-defined JavaScript functions and calls them from native code to compare array items.

If one of these comparison functions reduces the array length, any array items following it can end up written outside the “m_storage->m_vector[]” buffer, which could allow heap memory corruption.
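The pattern described above, a native routine that caches a length and then runs a callback able to change it, is shown here as an added example in a simplified C model; it is not WebKit's code and not from the Packet Storm posting. The `Arr` type, the comparator and the sample data are constructed for illustration, and the out-of-bounds writes are counted rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for an array's backing store (constructed, not WebKit code). */
typedef struct { int *vector; size_t length; } Arr;
typedef int (*cmp_fn)(Arr *a, int x, int y);  /* user callback, may mutate a */

/* Constructed comparator that shrinks the array to 2 items when first called. */
static int shrinking_cmp(Arr *a, int x, int y) {
    if (a->length > 2) {
        int *p = realloc(a->vector, 2 * sizeof(int));
        if (p) a->vector = p;
        a->length = 2;
    }
    return (x > y) - (x < y);
}

/* Sort a copy, then write back. recheck == 0 trusts the length cached before the
 * callbacks ran (the bug pattern); writes past the current length are only counted. */
static size_t sort_writeback(Arr *a, cmp_fn cmp, int recheck) {
    size_t n = a->length, oob = 0;
    int *tmp = malloc(n * sizeof(int));
    if (!tmp) return 0;
    memcpy(tmp, a->vector, n * sizeof(int));
    for (size_t i = 1; i < n; i++)            /* insertion sort on the copy */
        for (size_t j = i; j > 0 && cmp(a, tmp[j - 1], tmp[j]) > 0; j--) {
            int t = tmp[j]; tmp[j] = tmp[j - 1]; tmp[j - 1] = t;
        }
    size_t limit = (recheck && a->length < n) ? a->length : n;  /* re-read length */
    for (size_t i = 0; i < limit; i++) {
        if (i >= a->length) { oob++; continue; }  /* would land outside buffer */
        a->vector[i] = tmp[i];
    }
    free(tmp);
    return oob;
}

/* Run the sort over constructed sample data; returns the out-of-bounds count. */
static size_t demo(int recheck) {
    Arr a = { malloc(6 * sizeof(int)), 6 };
    int init[6] = {5, 3, 9, 1, 7, 2};
    if (!a.vector) return (size_t)-1;
    memcpy(a.vector, init, sizeof init);
    size_t oob = sort_writeback(&a, shrinking_cmp, recheck);
    free(a.vector);
    return oob;
}
int main(void) { printf("stale=%zu rechecked=%zu\n", demo(0), demo(1)); return 0; }
```

Re-reading the length after the last callback and clamping the write-back to it is what removes the stale-length writes in this model.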

“The exploit for this vulnerability is a JavaScript code which shows how to use it for memory corruption of internal JS objects (Uint32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code),” Toropov said in his proof-of-concept write-up.

Apple patched the buffer overflow vulnerability this proof-of-concept exploits back in November 2012, so the only Apple users potentially affected by an attack deploying this exploit would be those that have not updated from OS X 10.7 and 10.8 and iOS 6.0.1.

Exploits of known and patched vulnerabilities see far more use by cybercriminals and malware and exploit kit creators than Zero Days. Such attacks are effective because computer users are notoriously stubborn about installing software updates.

It is very hard to figure out how many Safari users are vulnerable to this attack, but, according to technology research firm Net Market Share, more than one percent of all users on the Internet are browsing with Safari 5.1 and are therefore potentially vulnerable. Beyond that, Net Market Share’s figures indicate that nearly 3.5 percent of Web users surf with Safari 6.0 or better. Any of those that failed to update from 6.01 would remain vulnerable.
