HTTP: Apple Safari WebKit Selections Use After Free

This signature detects attempts to exploit a known code execution vulnerability in Apple Safari. The vulnerability is due to a use-after-free error when processing selections. A remote attacker can exploit this by enticing a target user to open a maliciously crafted Web page. In a successful attack, where code is executed, the behavior of the target machine depends entirely on the intention of the injected code, which runs within the security context of the logged-on user. In an unsuccessful attack, the vulnerable application can terminate abnormally.

Extended Description

WebKit for Apple iOS for iPhone and iPod touch is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. This issue affects iOS 2.0 through 4.0.2 for iPhone 3G and later and iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later.

Affected Products

Apple ipod_touch, Suse opensuse

References

BugTraq: 43079

CVE: CVE-2010-1812

Short Name
HTTP:STC:SAFARI:WEBKIT-AFREE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After Apple CVE-2010-1812 Free Safari Selections Use WebKit bid:43079
Release Date
12/22/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Red_hat

Webkit_open_source_project

Suse

Apple

Ubuntu

Mandriva

CVSS Score

6.8
