Skypher » Safari http://skypher.com The blog for absolutely nothing! Sat, 25 Feb 2012 11:27:57 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Safari arguments integer overflow PoC (CVE-2008-2303) http://skypher.com/index.php/2009/01/05/safari-arguments-integer-overflow-poc-cve-2008-2303/ http://skypher.com/index.php/2009/01/05/safari-arguments-integer-overflow-poc-cve-2008-2303/#comments Mon, 05 Jan 2009 20:03:12 +0000 SkyLined http://skypher.com/?p=91 Warning: preg_split() [function.preg-split]: Compilation failed: lookbehind assertion is not fixed length at offset 14 in /home/c3682jgn/domains/skypher.com/public_html/wp-content/themes/braille/options/plugins.php on line 77

Warning: Invalid argument supplied for foreach() in /home/c3682jgn/domains/skypher.com/public_html/wp-content/themes/braille/options/plugins.php on line 78
]]> CVE-2008-2303 covers an integer overflow in the handling of indices in the “arguments” array in Apple Safari that affects iPhone, iPod and PC (Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in July and for PC in November.
More details here
Repro here.

I have also created proof of concept code that shows potential exploitability and demonstrates how to use heap-spraying in Safari. AFAIK this is the first use of heap spraying in Safari, but I may be wrong. Heap spraying in Safari is not that different from other browsers, just backwards ;) The code can be found here.

]]> http://skypher.com/index.php/2009/01/05/safari-arguments-integer-overflow-poc-cve-2008-2303/feed/ 1 Safari vulnerability http://skypher.com/index.php/2008/07/14/apple-releases-patch-remote-code-execution-vulnerability-in-safari-on-iphone-and-ipod/ http://skypher.com/index.php/2008/07/14/apple-releases-patch-remote-code-execution-vulnerability-in-safari-on-iphone-and-ipod/#comments Mon, 14 Jul 2008 17:08:27 +0000 SkyLined http://skypher.com/?p=26 Warning: preg_split() [function.preg-split]: Compilation failed: lookbehind assertion is not fixed length at offset 14 in /home/c3682jgn/domains/skypher.com/public_html/wp-content/themes/braille/options/plugins.php on line 77

Warning: Invalid argument supplied for foreach() in /home/c3682jgn/domains/skypher.com/public_html/wp-content/themes/braille/options/plugins.php on line 78
]]> Apple has released a patch for a remote code execution vulnerability that I reported to them. This vulnerability affects JavaScripCore, which is part of Safari. The patch should fix the vulnerability on iPhones and iPods. Other products that use JavaScriptCore, such as Safari for Mac and Windows, are still vulnerable.

]]> http://skypher.com/index.php/2008/07/14/apple-releases-patch-remote-code-execution-vulnerability-in-safari-on-iphone-and-ipod/feed/ 0