[webkit-help] A Webkit exploit - Apple Safari Heap Buffer Overflow
rupsharma at ea.com
Wed Dec 9 10:18:33 PST 2015
A Webkit exploit was reported where the WebKit implementation was vulnerable to ROP (return-oriented programming) attacks. Here are the details: https://www.exploit-db.com/exploits/28081/.
However, we are interested in knowing which revision of WebKit has the fix for resolving this vulnerability.
The heap memory buffer overflow vulnerability exists within the WebKit's
If this compare function reduces array length, then the trailing array items
will be written outside the "m_storage->m_vector" buffer, which leads to the
heap memory corruption.
use it for memory corruption of internal JS objects (Uint32Array, etc.)
and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted
into the JS code).
So our question is, can you point us to the fix (i.e. changelist/revision) which patched this exploit?
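As an added illustration of the bug class the quoted text describes (this is not code from the thread or from WebKit): a sort routine snapshots the element count, a comparator callback shrinks the array mid-sort, and the write-back phase then spills past the shrunk backing store. The storage struct, comparator and sample values are constructed for the demo; the hardened path re-reads the current length after the comparator has run and truncates the write-back instead of trusting the stale count.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a JS array's storage (not WebKit's real ArrayStorage). */
typedef struct {
    size_t length;    /* logical length; a JS comparator can change it */
    size_t capacity;  /* allocated slots in vector */
    int *vector;      /* stand-in for m_storage->m_vector */
} ArrayStorage;

/* The comparator receives the storage so it can shrink the array mid-sort. */
typedef int (*compare_fn)(ArrayStorage *a, int x, int y);

/* Insertion-sort a private copy, then write it back. Returns how many write-backs
 * would land beyond the current capacity. recheck == 0 is the vulnerable pattern
 * (trusts the pre-sort count n); recheck != 0 re-reads length/capacity first.
 * The demo never performs the out-of-bounds write; it only counts it. */
static size_t sort_and_writeback(ArrayStorage *a, compare_fn cmp, int recheck)
{
    size_t n = a->length;                 /* snapshot taken before any comparison */
    int *tmp = malloc(n * sizeof *tmp);
    if (!tmp) return 0;
    memcpy(tmp, a->vector, n * sizeof *tmp);
    for (size_t i = 1; i < n; i++) {
        int key = tmp[i];
        size_t j = i;
        while (j > 0 && cmp(a, tmp[j - 1], key) > 0) { tmp[j] = tmp[j - 1]; j--; }
        tmp[j] = key;
    }
    size_t limit = recheck ? (a->length < a->capacity ? a->length : a->capacity) : n;
    size_t oob = 0;
    for (size_t i = 0; i < n; i++) {
        if (i < limit && i < a->capacity) a->vector[i] = tmp[i];
        else if (!recheck) oob++;         /* vulnerable path: this write would spill */
    }
    free(tmp);
    return oob;
}

/* Comparator that shrinks the array to one element on first use (like `arr.length = 1`). */
static int shrinking_compare(ArrayStorage *a, int x, int y)
{
    if (a->capacity > 1) {
        int *v = realloc(a->vector, sizeof *v);
        if (v) { a->vector = v; a->capacity = 1; a->length = 1; }
    }
    return x - y;
}

/* Sorts a constructed 6-element array with the shrinking comparator; returns the
 * number of would-be out-of-bounds writes (5 without recheck, 0 with it). */
size_t demo(int recheck)
{
    int sample[6] = {5, 3, 6, 1, 4, 2};
    ArrayStorage a = { 6, 6, malloc(sizeof sample) };
    memcpy(a.vector, sample, sizeof sample);
    size_t oob = sort_and_writeback(&a, shrinking_compare, recheck);
    free(a.vector);
    return oob;
}
```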