Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:SAFARI:IOS-JS-ARY-RCE

Severity

 High

Recommended

 No

Category

 HTTP

Keywords

 Safari on Apple iOS 2.0 JavaScript Array RCE

Release Date

 2012/11/11

Update Number

 2202

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Safari on Apple iOS 2.0 JavaScript Array RCE


This signature detects attempts to exploit a known flaw in Safari on Apple iPhone before 2.0 and iPod touch before 2.0, which allows remote attackers to execute arbitrary code or cause a denial of service (DoS).

Extended Description

Apple iPhone and iPod touch are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A buffer-overflow vulnerability. 4. Two memory-corruption vulnerabilities. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.

Affected Products

  • Apple iPhone 1
  • Apple iPhone 1.0.1
  • Apple iPhone 1.0.2
  • Apple iPhone 1.1
  • Apple iPhone 1.1.1
  • Apple iPhone 1.1.2
  • Apple iPhone 1.1.3
  • Apple iPhone 1.1.4
  • Apple iPod Touch 1.1
  • Apple iPod Touch 1.1.1
  • Apple iPod Touch 1.1.2
  • Apple iPod Touch 1.1.3
  • Apple iPod Touch 1.1.4
  • Apple Safari 1.0.0
  • Apple Safari 1.1.0
  • Apple Safari 1.2.0
  • Apple Safari 1.2.1
  • Apple Safari 1.2.2
  • Apple Safari 1.2.3
  • Apple Safari 1.3.0
  • Apple Safari 1.3.1
  • Apple Safari 1.3.2
  • Apple Safari 2.0.1
  • Apple Safari 2.0.2
  • Apple Safari 2.0.3
  • Apple Safari 2.0.4
  • Apple Safari 3
  • Apple Safari 3.0.1 Beta
  • Apple Safari 3.0.1 Beta For Windows
  • Apple Safari 3.0.2 Beta
  • Apple Safari 3.0.2 Beta For Windows
  • Apple Safari 3.0.3 Beta
  • Apple Safari 3.0.3 Beta For Windows
  • Apple Safari 3.0.4 Beta For Windows
  • Apple Safari 3.1
  • Apple Safari 3.1.1
  • Apple Safari 3.1.1 For Windows
  • Apple Safari 3.1.2
  • Apple Safari 3.1.2 For Windows
  • Apple Safari 3.1 For Windows
  • Apple Safari 3.2
  • Apple Safari 3.2.2 For Windows
  • Apple Safari 3.2.3
  • Apple Safari 3.2.3 For Windows
  • Apple Safari 3 Beta
  • Apple Safari 3 Beta For Windows
  • Apple Safari 4 Beta

References

  • BugTraq: 30186
  • BugTraq: 30186
  • CVE: CVE-2008-2303

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out