Rule Category

BROWSER-WEBKIT -- Snort has detected traffic known to exploit vulnerabilities present in the Webkit browser engine (aside from Chrome) this includes Apple’s Safari, RIM’s mobile browser, Nokia, KDE, Webkit itself, and Palm. Attacks often insert code via exploits, cause webkit renderings in the browser to crash, or otherwise create chaos or exploit for entrance.

Alert Message

BROWSER-WEBKIT Apple Safari WebKit handleIntrinsicCall type confusion attempt

Rule Explanation

This event is generated when an attempt to exploit Apple Safari via CVE-2018-4382 is detected. Impact: Attempted User Privilege Gain Details: A vulnerability exists in Apple Safari Webkit. Specifically the vulnerability exists in the ByteCodeParser::handleIntrinsicCall method. It is possible to craft Javascript in such a way that will cause type confusion to occur. This can lead to a denial of service or potentially allow for remote code execution to occur. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

Rule Groups

No rule groups


Additional Links

Rule Vulnerability

CVE Additional Information

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Severity Base Score8.8
Impact Score5.9 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
Authentication Ease of AccessLOW
Privileges RequiredNONE