Apple Safari RenderBox Use-After-Free Remote Code Execution Vulnerability

ID ZDI-17-241
Type zdi
Reporter Kai Kang(a.k.a 4B5F5F4B) of Tencent's Xuanwu LAB(
Modified 2017-03-30T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within RenderBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to achieve remote code execution under the context of the process.