Think you have a false positive on this rule?

Sid 1-51388

Message

BROWSER-WEBKIT Apple Safari JSValues type confusion attempt

Summary

This event is generated when an attempt to exploit a confusion type in Safari for iOS devices has been detected

Impact

High

Detailed information

Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray.

Affected systems

  • Safari for iOS devices version 10.3 until 10.3.3

Ease of attack

Simple

False positives

False negatives

Corrective action

Upgrade to the latest available version of iOS devices

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2017-7064
  • googleprojectzero.blogspot.com/2019/08/jsc-exploits.html