Rule Category

BROWSER-WEBKIT -- Snort has detected traffic known to exploit vulnerabilities present in the Webkit browser engine (aside from Chrome) this includes Apple’s Safari, RIM’s mobile browser, Nokia, KDE, Webkit itself, and Palm. Attacks often insert code via exploits, cause webkit renderings in the browser to crash, or otherwise create chaos or exploit for entrance.

Alert Message

BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt

Rule Explanation

The rule is checking for a use after free vulnerability attack in Apple Safari Webkit Webcore.

What To Look For

Rule alerts on exploit traffic

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Execution

Technique: AppleScript

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

Use After Free

Use After Free (UAF) attacks target computer memory flaws to corrupt the memory execute code. The name refers to attempts to use memory after it has been freed, which can cause a program to crash under normal circumstances, or result in remote code execution in a successful attack.

CVE Additional Information