
March 18th, 2008

Remote execution DoS exploits iPhone by simply loading a Web page

Posted by Jason D. O'Grady @ 5:09 am

Categories: Safari, Security, iPhone

Tags: Apple iPhone, Web, Apple Safari, DOS, Web Page, Jason D. O'Grady

A new iPhone Safari remote execution DoS exploit will crash your iPhone when you simply visit a malicious page. David from iPhoneWorld claims that the exploit will crash iPhone’s Safari browser and the desktop version of Safari as well.

The exploit is not new; it was refined from previously discovered code. The scary new development is that it doesn’t require user intervention (i.e., clicking on a button): just loading a Web page containing the malicious code will lock up your iPhone.

The vulnerability is confirmed to crash iPhone firmware 1.1.4 but we’re sure about older firmware versions. When I clicked on the link on my 1.1.4, non-jailbroken iPhone it opened a new browser window and the “loading” indicator in the top menu bar spun about three times and my iPhone locked up tighter than a drum. The spinner stopped spinning and my iPhone became completely unresponsive, forcing a reboot.

I also tested the code with Webkit v.3.0.4 and Safari 3 public beta and it crashed both with flying colors.

The exploit cannot be fixed until Apple updates the iPhone and iPod touch firmware. If you’re worried about it, you can disable JavaScript on your device.

The Safari exploit source code and a link to a test page are posted on iPhoneWorld. You have been warned!

Jason D. O'Grady is the editor of PowerPage.org, which has been publishing daily mobile technology news since December 1995.
