Think you have a false positive on this rule?

Sid 1-51392

Message

BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt

Summary

This event is generated when there is an out-of-bounds write attempt to the AppleWebKit JavaScriptCore heap.

Impact

Base Score: 8.8 HIGH Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (V3 legend) Impact Score: 5.9 Exploitability Score: 2.8 Confidentiality (C): High Integrity (I): High Availability (A): High

Detailed information

This exploit manipulates controlled JSC objects in order to perform an out-of-bounds write on the JSC heap in AppleWebKit. This could lead to arbitrary remote code execution or denial of service by a crafted website.

Affected systems

  • iOS < v.10.3.2
  • Safari < v.10.1.1
  • tvOS < v.10.2.1

Ease of attack

Medium.

False positives

None known.

False negatives

None known.

Corrective action

Updated to the lastest supported iOS, Safari, and tvOS versions.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2017-2505
  • bugs.chromium.org/p/project-zero/issues/detail?id=1137