A heap buffer-overflow vulnerability in the Perl Compatible Regular Expressions library (PCRE) inside the JavaScript engine used by Apple's WebKit (part of Safari).
Allows arbitrary code to be run with administrative privileges.
- Reading SMS log, address book, call history
- Can transmit data back to attackers
- Can access device functionality such as system sound/vibrate, dialling numbers, sending messages and recording audio.
WebKit is open source; running code-coverage analysis on JavaScriptCore showed that only 54.7% of PCRE was exercised, versus 79.3% for the main engine, so PCRE was the less-tested and more promising target.
- Created a PCRE fuzzer
- The fuzzer was run against instrumented code, showing buffer overflows
- Evil regular expressions were crafted to trigger these overflows; the overflows could then be used for exploitation.
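A sketch of the fuzzer step, added here as an illustration and not the researchers' own tool: a small grammar-based generator for regular-expression patterns plus a harness that tallies accepted, rejected and crashing inputs. Python's `re` module stands in for the target; against PCRE one would replace `python_re_target` with a function that feeds each pattern to an instrumented (e.g. AddressSanitizer) build and reports abnormal termination. All names and the grammar are this example's own assumptions.

```python
import random
import re

# Constructed grammar: the pattern features most likely to stress a regex
# compiler's bookkeeping (groups, quantifier ranges, classes, back-references).
ATOMS = ["a", "b", ".", r"\d", r"\w", r"\s", "[a-z]", "[^0-9]", r"\b", "(?:x)"]
QUANTS = ["", "*", "+", "?", "{0,3}", "{2,}", "{1}", "*?", "+?"]
GROUPS = ["(%s)", "(?:%s)", "(?=%s)"]
SUBJECT = "ab12 xyz"  # constructed; kept short so backtracking stays bounded

def gen_pattern(rng, depth=0):
    """Build one random pattern from the grammar; depth bounds group nesting."""
    parts = []
    for _ in range(rng.randint(1, 4)):
        roll = rng.random()
        if roll < 0.25 and depth < 3:
            parts.append(rng.choice(GROUPS) % gen_pattern(rng, depth + 1))
        elif roll < 0.35:
            parts.append(rng.choice([r"\1", r"\2"]))  # may reference a missing group
        else:
            parts.append(rng.choice(ATOMS))
        parts[-1] += rng.choice(QUANTS)
    if depth < 2 and rng.random() < 0.2:
        return "|".join(parts)
    return "".join(parts)

def python_re_target(pattern, subject):
    """Stand-in target (assumption): Python's re engine; raises re.error on rejection."""
    re.compile(pattern).search(subject)

def fuzz(target, seed, iterations):
    """Drive `target` with `iterations` generated patterns and return the tallies."""
    rng = random.Random(seed)  # seeded so every run is reproducible for triage
    stats = {"accepted": 0, "rejected": 0, "crashed": []}
    for _ in range(iterations):
        pattern = gen_pattern(rng)
        try:
            target(pattern, SUBJECT)
            stats["accepted"] += 1
        except re.error:          # syntactically invalid input: expected, not a bug
            stats["rejected"] += 1
        except Exception as exc:  # anything else is the signal worth investigating
            stats["crashed"].append((pattern, repr(exc)))
    return stats

if __name__ == "__main__":
    print(fuzz(python_re_target, seed=1, iterations=500))
```

Against a native target the harness would treat a signal or sanitizer report as the "crashed" outcome and keep the seed and pattern that produced it.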