Remote iPhone Denial of Service vulnerability exploit attacks 16GB iPhones (and 32GB Apple iPod Touch)
February 6, 2008 by dennis
Buyers of new 16GB iPhones and 32GB iPod Touch devices should beware: Apple shipped these units without patching a remote Denial of Service vulnerability that was first discovered in iPhone firmware v1.1.2.
First report of a remote Denial of Service Safari browser vulnerability exploit that can crash an iPhone by simply visiting a website containing the malicious code was filed on January 24th 2007, however Joshua Morin, a Security Engineer for Codenomicon Ltd., discovered that this vulnerability is also present in iPhone firmware v1.1.3 — with which the 16GB iPhone and the 32GB iPod Touch were shipped.
Although in even worse news, we were able to reproduce the error on a v1.0.2 firmware iPhone — execution of the code in question caused our test unit to crash, so it seems this issue was plaguing iPhones since launch.
As for further hacker attacks on the iPhone, Mr Morin said “A lot of security gurus predicted more attacks geared towards the iPhone for 2008, I as well agree that we will see more.” Although, as for anything more serious than browser-based malware, Mr Morin stated that he does not believe that we “will see anything immediately, but when the SDK is released and new software is added, we will probably see more security risks and or attacks.”
And to answer the question that many jailbreaked iPhone owners ask, he does think that “jailbreaked” iPhones are more susceptible to hackers and malware as opposed to ones that were not tampered with, “because the jailbreak code is out in the wild allowing more people to tamper with it.”
“I don’t demote reverse engineering but in any case it won’t be long before someone finds a way to exploit something. For everyone who purchased the expensive iPhone, why settle for jailbreak and not wait for a high quality solution from Apple,” Mr Morin said.
And here’s the fancy iPhone-breaking code you so much desire: download in a .txt file.
- iPhone denial of service vulnerability discovered by McAfee (finally)
- Apple iPhone Safari browser memory exhaustion remote Denial of Service vulnerability discovered
- Original iPhone DoS vulnerability still around in iPhone firmware v1.1.4…
Sign up to receive latest iPhone World news and updates via e-mail, RSS, Twitter or Facebook!