Apple iPhone Safari browser memory exhaustion remote Denial of Service vulnerability discovered

“..seems to target v1.1.2 … As of now no known solution is available”
The CURRENT iPhone firmware is v1.1.3.

Ahhh…what trojan. The one that only affected people that hacked their phone. The Trojan specifically targets users that have modded their iPhone so they can install third-party applications. The application masks itself as an update to Erica’s Utilities and is labeled as “113 prep.” How is that in any way widespread? Spread the FUD!!! This is all the internet needs another misinformed lazy hack blogger.

JS,

What we do not need is a mentally challenged reader — please stop reading our site or learn reading (better stop reading at all, honestly, doesn’t seem to do you much good).

The article in question was written about a newly discovered DOS mobile Safari vulnerability that affects both jailbreaked and not modified iPhones = http://www.iphoneworld.ca/news/2008/01/25/apple-iphone-safari-browser-memory-exhaustion-remote-denial-of-service-vulnerability-discovered/

The trojan you’re referring to was covered previously here – http://www.iphoneworld.ca/news/2008/01/07/the-first-iphone-trojan/ . It’s not the same thing as this newly discovered threat. And just to counter your argument, around 1/3 of iPhones sold are sold to be unlocked — http://www.iphoneworld.ca/news/2008/01/25/aproximately-third-of-the-iphones-are-sold-to-be-unlocked/ — if your mind is capable of processing that much information, it means that over 1,300,000 iPhones could be affected. So of course it’s not “widespread” — “only” 1/3 of all iPhone owners can have it!

Now please go back to first grade and master those crucial “reading skills”, if you’d like to understand what I wrote above. The only thing worse than a “misinformed lazy hack blogger” is a “know-it-all while deeply mentally challenged reader.”. Trust me, you won’t be missed!

If I understand the article, this applies to firmware version 1.1.2, so presumably if you update to 1.1.3 this is a non-issue? So if you hacked iPhone then a trojan exists that may be a concern, if you have not updated to firmware 1.13 presumably to maintain hacked iPhone apps you are vulnerable.

Not sure these are Apple problems, but they do point out a concern that at some future date Apple baseline iPhones can be at risk, but more importantly help explain the deliberate and hopefully improved security intended to the Feb SDK.

Apple may place some hoops for app developers to go through to improve security – it will interesting if the community can swallow any limitations in business processes for security purposes.

Here is what you said from you other article:
Posing as a pre-patch to firmware update 1.1.3, the trojan tricks the iPhone user into installing it. Uninstalling it, or attempting to, yields poor results, as you’re left with a near empty iPhone because of what it aims to infect (things like Erica Sadun’s utilities and OpenSSH).
——————————————————————————————————-
You left out a few things didn’t you. Like the fact that some how you try to imply that Apple is responsible for someone that goes off on their own to disregard the terms of agreement & use software that is not sanctioned by Apple nor has anything to do with the manufacturer of the phone.
“The application masks itself as an update to Erica’s Utilities and is labeled as “113 prep” Nothing in that statement says “Apple firmware update”. You go off on you’re own, you’re responsible for the consequences. If the iPhone package doesn’t appeal to you…don’t buy it. There are other choices. Maybe you are to Retarded to read what you wrote & also to dumb to realize what part of “your analysis” I was talking about.

Your words on the second article:
In a sign of even worse things to come for iPhone owners…

Yes. the Safari vuln. is an issue. Is it a major issue? What other signs are there that it is going to get much worse as you seem to imply by your lead in to your very short regurgitation of someone else’s point of view. What exactly were you trying to imply by this statement? Time will tell & I somehow think that regurgitating someone else’s point of view isn’t exactly intellectually superior to anyone else’s position. What part of the story or opinion did you write? What is your point of view? I don’t see it.

“This is certainly bad news for iPhone owners, as it seems as the more the popularity of the said handset increases, the more hackers, some of whom happen to be malicious, it attracts.”

We’ll see: You statement is an absolute. Read your own article.

Let’s see what the SDK & software distribution system from Apple is like before jumping the gun. Of course nothing is perfect. you seem to be making quite a leap. As someone else stated her the most recent version of the iPhones firmware is v1.1.3. Are you saying it effects the updated iPhone’s? If not, then how exactly can you give your readers the extent of the problem with any degree of accuracy?

http://www.igotspam.com/50226711/malware_attacks_nokia_handsets.php

JS,

#1 You still have a problem with reading.
#2 I am missing your argument completely.
#3 You still have a problem with reading…

Trojan article:
You wrote: “Like the fact that some how you try to imply that Apple is responsible for someone that goes off on their own to disregard the terms of agreement & use software that is not sanctioned by Apple nor has anything to do with the manufacturer of the phone.”

WHERE IS SOMEONE IMPLYING THIS? SHOW ME?! Learn reading! “Please keep an eye out for obviously fake iPhone applications, and continue being vigilant in the protection of your personal information, your iPhone will be very grateful,” is the closing statement of that article!!!!

Now, if you want to change the definition of the word TROJAN, you would need to go and contact Symantec, etc… Until then, by definition, everything that was written about the iPhone trojan is 100% correct.

And just a matter of fact — we have multiple editors, if you were to read who wrote the trojan article it wasn’t me. So if you can’t understand two articles in a row… See what I said before about “crucial reading skills”.

Current story:

You wrote: “What other signs are there that it is going to get much worse as you seem to imply by your lead in to your very short regurgitation of someone else’s point of view. What exactly were you trying to imply by this statement? Time will tell & I somehow think that regurgitating someone else’s point of view isn’t exactly intellectually superior to anyone else’s position. What part of the story or opinion did you write? What is your point of view? I don’t see it.”

What regurgitation of whose point of view? I did not imply anything, once again. I stated simply “In a sign of even worse things to come for iPhone owners than the recently released iPhone trojan (analysts did predict it would happen).” What is the problem with this statement? Is a remote DoS vulnerability better or worse than the trojan? In my opinion it’s worse.

Now what is my point of view? I spotted a new vulnerability at http://www.securityfocus.com/bid/27442 . I posted its description while noting that it’s already the second iPhone vulnerability and that I expect more to come. Why do I need to explain you my point of view or what I think? I post news, whatever I desire. If you don’t like them – don’t read them. Better off make your own site that will only “express your point of view”.

As for #1’s question and your further questions on the vulnerability — http://www.securityfocus.com/bid/27442/solution — is as far as I know. I am not a security expert and never pretended to be. I do not see it as my job to disassemble code or test vulnerabilities. I see it as my job to understand what is written and forward the word to our readers.

JS, Now I’ll stop replying, because arguing with people as mentally challenged as you are is not something I have time for on the internet or in real life — when people’s IQ is below the bar I walk away. As for you, I really suggest you to stop reading our site, JS, it seems to contain more info than you can process without getting a memory leak that crashes your brain, so to say. Go find something better to do, like open your own site, change the definition of the word trojan, or test that exploit on your own v1.1.3 handset. Who knows, you might be better at that than reading and stating your point, since so far you’ve made 0 sense at all.

Please do NOT use “retarded” as a put down. Whether someone is mentally or physically impaired should not prevent them taking part ie. reading a site like yours. If you need to make fun of someone’s inability to comprehend your writing, you should be able to do it without denigrating people who through no fault of their own have physical or intellectual disabilities.

Cheers.

Hi Tom,

My apologies, I see how that could be offensive to some people. I modified my posts.