Published: 27/06/2017 Updated: 03/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS prior to 10.3 allows remote malicious users to execute arbitrary code via a crafted web page, or a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os

<!-- Sources: phoenhexre/2017-05-04/pwn2own17-cachedcall-uaf githubcom/phoenhex/files/blob/master/exploits/cachedcall-uafhtml Overview The WebKit bug we used at Pwn2Own is CVE-2017-2491 / ZDI-17-231, a use-after-free of a JSString object in JavaScriptCore By triggering it, we can obtain a dangling pointer to a JSString obje ...

Pegasus was, surprisingly, patched in 5.5.2, so we're exploring other potential webkit vulns.

PegMii-Boogaloo Pegasus was, surprisingly, patched in 552, so we're exploring other potential webkit vulns Starting investigation using: bugschromiumorg/p/project-zero/issues/detail?id=1262 to review: bugschromiumorg/p/project-zero/issues/detail?id=1256 bugschromiumorg/p/project-zero/issues/detail?id=1249 pastebincom/buAqEm74 https

CWE-416 https://support.apple.com/en-us/HT207617 http://www.zerodayinitiative.com/advisories/ZDI-17-321 http://www.securityfocus.com/bid/98316 https://www.exploit-db.com/exploits/41964/https://nvd.nist.gov https://github.com/hedgeberg/PegMii-Boogaloo https://www.exploit-db.com/exploits/41964/

CVE-2017-2491

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect