Lucene search
Brendan Draper (@6r3nd4n)ZDI-20-682HistoryMay 28, 2020 - 12:00 a.m.
Apple Safari HasIndexedProperty Type Confusion Remote Code Execution Vulnerability
2020-05-2800:00:00
Brendan Draper (@6r3nd4n)
www.zerodayinitiative.com
20
EPSS
0.007
Percentile
80.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the HasIndexedProperty DFG node. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Related
nvd
nvd
CVE-2020-9800
2020-06-09 17:15:11
prion
prion
Type confusion
2020-06-09 17:15:00
cvelist
cvelist
CVE-2020-9800
2020-06-09 16:06:08
cve
cve
CVE-2020-9800
2020-06-09 17:15:11
apple
apple
About the security content of Safari 13.1.1
2020-05-26 00:00:00
About the security content of Safari 13.1.1 - Apple Support
2020-05-27 12:42:27
About the security content of iCloud for Windows 11.2
2020-05-26 00:00:00
openvas
openvas
Apple Safari Security Update (HT211177)
2020-05-28 00:00:00
Apple iCloud Security Update (HT211181)
2020-05-27 00:00:00
Apple iCloud Security Update (HT211179)
2020-05-27 00:00:00
kaspersky
kaspersky
KLA11790 Multiple vulnerabilities in Apple iCloud
2020-05-26 00:00:00
KLA11791 Multiple vulnerabilities in Apple iTunes
2020-05-21 00:00:00