Remote iPhone Denial of Service vulnerability exploit attacks 16GB iPhones (and 32GB Apple iPod Touch)
Posted by dennis on February 6th, 2008 at 07:30pm Comments
Buyers of new 16GB iPhones and 32GB iPod Touch devices should beware: Apple shipped these units without patching a remote Denial of Service vulnerability that was first discovered in iPhone firmware v1.1.2.
First report of a remote Denial of Service Safari browser vulnerability exploit that can crash an iPhone by simply visiting a website containing the malicious code was filed on January 24th 2007, however Joshua Morin, a Security Engineer for Codenomicon Ltd., discovered that this vulnerability is also present in iPhone firmware v1.1.3 — with which the 16GB iPhone and the 32GB iPod Touch were shipped.
Although in even worse news, we were able to reproduce the error on a v1.0.2 firmware iPhone — execution of the code in question caused our test unit to crash, so it seems this issue was plaguing iPhones since launch.
Apple spokesperson was unable to answer whether the company was aware of this security threat before shipping the new 16GB iPhone units, and could not give a timeframe as to when it will be patched. Mr Morin commented that “Apple can solve a lot of the known issues but it’s very hard to solve the unknown.” In the time being, his suggestion is to disable JavaScript on your iPhone or iPod Touch before Apple releases an official patch to this problem.
As for further hacker attacks on the iPhone, Mr Morin said “A lot of security gurus predicted more attacks geared towards the iPhone for 2008, I as well agree that we will see more.” Although, as for anything more serious than browser-based malware, Mr Morin stated that he does not believe that we “will see anything immediately, but when the SDK is released and new software is added, we will probably see more security risks and or attacks.”
And to answer the question that many jailbreaked iPhone owners ask, he does think that “jailbreaked” iPhones are more susceptible to hackers and malware as opposed to ones that were not tampered with, “because the jailbreak code is out in the wild allowing more people to tamper with it.”
“I don’t demote reverse engineering but in any case it won’t be long before someone finds a way to exploit something. For everyone who purchased the expensive iPhone, why settle for jailbreak and not wait for a high quality solution from Apple,” Mr Morin said.
And here’s the fancy iPhone-breaking code you so much desire: download in a .txt file.
![[Post to Twitter]](http://www.iphoneworld.ca/wp-content/plugins/tweet-this/icons/tt-twitter-big2.png){kind=icon}
Related posts:
- iPhone denial of service vulnerability discovered by McAfee (finally)
- Apple iPhone Safari browser memory exhaustion remote Denial of Service vulnerability discovered
- Original iPhone DoS vulnerability still around in iPhone firmware v1.1.4…
- New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page
- The Reason Why There Isn’t a 32GB iPhone, only a 32GB iPod Touch; No Need For New Contract Upgrading From 8GB iPhone
Care to rate this iPhone World article? Current news rating:
(2 votes, average: 1.00 out of 5)
Loading ...Filed Under: Apple News+ News+ Tech News+ iPhone Hacks+ iPhone News
-
anonymous
-
dennis
-
anon
