Think you have a false positive on this rule?

Sid 1-51388


BROWSER-WEBKIT Apple Safari JSValues type confusion attempt


This event is generated when an attempt to exploit a confusion type in Safari for iOS devices has been detected



Detailed information

Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray.

Affected systems

  • Safari for iOS devices version 10.3 until 10.3.3

Ease of attack


False positives

False negatives

Corrective action

Upgrade to the latest available version of iOS devices


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2017-7064