
ZDI-17-920: Apple Safari Node Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Vulnerability Details

The specific flaw exists within the handling of Node objects when creating HTML Markup. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.

Vendor Response

Apple has issued an update to correct this vulnerability. More details can be found at:

https://support.apple.com/en-us/HT208223

Disclosure Timeline

    • 2017-09-05 – Vulnerability reported to vendor
    • 2017-11-20 – Coordinated public release of advisory

Credit

This vulnerability was discovered by:

    Hanul Choi

 


Stephen

Stephen Turner, the Director of Operations for predictiveIT, has spent the past 22 years involved in the technology realm and security. Stephen began his career in the United States Marine Corps as a Crypto Technician, before moving into the private sector. He has worked in all facets of the Information Technology world, including administration, security, consulting and project management, and has served as Director of Cyber Security and as Chief Information Officer for a nationwide organization, where he was responsible for architecting the security infrastructure during the migration of the organization’s entire data center to the “cloud”. Stephen has trained as a Certified Ethical Hacker, Certified Information Systems Security Professional and as a Red Hat Certified Architect with a focus on Linux security.