Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3748 — Race Condition in Apple Iphone OS

CWE-362 — Race Condition4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

11.8%

top 6.26%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Iphone OS Apple Safari

Timeline

PublishedNov 3

Latest updateMay 17

Description

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/safari6.0.1+66

▶NVDapple/iphone_os6.0+40

🔴Vulnerability Details

GHSA

GHSA-jw8x-chj5-jxmc: Race condition in WebKit in Apple iOS before 6↗2022-05-17

▶

OSV

CVE-2012-3748: Race condition in WebKit in Apple iOS before 6↗2012-11-03

▶

💥Exploits & PoCs

Exploit-DB

Apple Safari 6.0.1 for iOS 6.0 / Apple Mac OSX 10.7/8 - Heap Buffer Overflow↗2013-09-04

▶