BROWSER-WEBKIT Apple Safari JSValues type confusion attempt
This event is generated when an attempt to exploit a confusion type in Safari for iOS devices has been detected
Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray.
- Safari for iOS devices version 10.3 until 10.3.3
Ease of attack
Upgrade to the latest available version of iOS devices
- Cisco Talos Intelligence Group