Strike ID:
E19-0mey3
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
3
Year:
2018

Description

This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft javascript that takes advantage of a vulnerability that exists in how the GetIndexedPropertyStorage can cause garbage collection via rope strings, which can lead to a Use-After-Free condition. This can cause a denial of service in the browser or potentially allow for remote code execution to occur.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}