Lucene search
Liang Chen and wushi of KeenLab TencentZDI-16-352HistoryMay 20, 2016 - 12:00 a.m.
(Pwn2Own) Apple Safari GraphicsContext Use-After-Free Remote Code Execution Vulnerability
2016-05-2000:00:00
Liang Chen and wushi of KeenLab Tencent
www.zerodayinitiative.com
16
0.007 Low
EPSS
Percentile
80.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GraphicsContext objects. By manipulating a document’s elements an attacker can force this object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
References
Related
cvelist
cvelist
CVE-2016-1859
2016-05-20 10:00:00
cve
cve
CVE-2016-1859
2016-05-20 11:00:13
prion
prion
Memory corruption
2016-05-20 11:00:00
nvd
nvd
CVE-2016-1859
2016-05-20 11:00:13
ubuntucve
ubuntucve
CVE-2016-1859
2016-05-20 00:00:00
nessus
nessus
Apple TV 9.2.x < 9.2.1 Multiple Vulnerabilities
2016-07-25 00:00:00
Mac OS X : Apple Safari < 9.1.1 Multiple Vulnerabilities
2016-05-18 00:00:00
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3079-1)
2016-09-15 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (Nov 2016) - Mac OS X
2016-11-22 00:00:00
Mageia: Security Advisory (MGASA-2016-0294)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3079-1)
2016-09-15 00:00:00
apple
apple
About the security content of Safari 9.1.1
2016-05-16 00:00:00
About the security content of Safari 9.1.1 - Apple Support
2017-01-23 03:47:57
About the security content of tvOS 9.2.1 - Apple Support
2017-01-23 03:54:40
mageia
mageia
Updated webkit2 packages fix security vulnerability
2016-08-31 20:34:12
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2016-09-14 00:00:00