Saturday, May 25, 2013

New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page

March 18, 2008 by David  

 



iPhone is supposed to be a pretty secure platform — or so Apple tried to design it. However, nothing is perfect. And so, yet another “iPhone compatible” Safari exploit has been discovered, which is actually more dangerous on your iPhone or iPod Touch than on the computer. When executed it either locks up your iPhone/iPod Touch, or crashes the Safari browser on your Mac/PC computer (you decide which is worse).

This is not entirely new code; apparently, it was refined from a previously discovered exploit. But unlike the exploit that we previously covered, there’s no need to press any buttons — your iPhone will lock up after simply visiting a page that contains the malicious code in question. As such, this can be classified as a remote execution DoS vulnerability, which is already a notch above the previously discovered exploit.

The vulnerability was tested and found to be working with iPhone firmware v1.1.4 on our side, but it’s more than likely that it will crash older firmware versions of iPhone as well (please leave us a comment if you test it with any previous firmware versions).

As usual, this exploit cannot be fixed until Apple releases the next firmware upgrade — so your only solution to it for now is to disable JavaScript on your iPhone or iPod Touch.

The exploit’s source code is below, while we’ve also set up a test page for everyone to enjoy (keep in mind that it will completely lock up your iPhone, so do expect to lose any open application data. Oh yes, and we’re not responsible for anything happening — or not happening — if you do open the test page).

Download Link: New iPhone Safari exploit source code. (safe to download, code in text format)
Test Link: Wanna crash your iPhone? Click here! (warning: just loading this page will lock up your iPhone or iPod Touch, or crash Safari on Mac/PC computers)

UPDATE: It appears that this vulnerability was eliminated in the latest version of Safari for computers (v3.1), which came out several hours after this article was posted. Here’s to hoping that a firmware upgrade with a similar fix for iPhone’s Mobile Safari is coming soon.


 


  • MJ420

    He….Crashes Safari AND FIREFOX (PC)

  • http://www.iphoneworld.ca dennis

    What version of Firefox do you have? Could not personally reproduce the error on Firefox 2.0, but it does indeed crash Safari.

    Dennis

  • Steve Lidie

    Safari 3.1 rides right through it, no problem.

  • http://www.dupa.pl Siergiej

    ” alert(fuckbill);”

    nice script, it includes FUCK BILL phrase :-)

  • Newfari

    Doesn’t crash Safari just released today. Stay up to date guys :)

    Copyright Georgi Guninski
    Cannot be used in vulnerability databases
    Especially securityfocus/mitre/cve/cert

  • Ben

    Didn’t crash Safari for me on my Mac, but it sure froze up my iPhone.

  • Brad

    Doesn’t crash the new safari 3.1. It tried its best but didn’t do it. I have now tried it 3 times. Looks like the next iphone safari update might fix the issue.
    It is a little bit irresponsible to release the source code of this exploit.
    These things should be submitted to Apple but not the general public.

  • ben

    Didn’t crash safari for me… Though I just downloaded 3.1, perhaps they fixed the issue with the new release?

  • Mark S.

    The latest Safari 3.1 that came out today has no problem at all with this exploit… A page with some text appears, but that is all that happens. I merely closed the window and continued using Safari as before.

  • Tom

    Crashed IE 7 on Windows XP

  • Walt French

    I’ll happily defer to somebody who better understands Javascript — so those of you more expert, dig in! But until then, may I offer… ?

    1. The simple javascript asks for MORE MEMORY than ANY phone would have. My work PC (IE6?) locked up trying to execute this. I doubt ANY PC could actually “correctly” handle a page including this script. Some could _appear_ to freeze while correctly processing the script, due to the huge amount of data sloshed around. Reports of “crashes” might merely indicate that the browser was working its tail off, and not showing any progress.

    2. Pushing the limits such as above is in the highest tradition of finding exploitable browser problems. However, it does NOT appear that the “exploit” is doing anything other than pushing the browser past its limits. Whatever state the iPhone (or my IE6!) is left in, quite possibly it’s to trash the browser session, which would have the OS (X) recycle the used memory, leaving NO RISK of trying to execute code in the created garbage. Yes, it MIGHT, but I think not, and it’s certainly not shown.

    3. So this is not so much a Denial of Service — by which, most people mean, asking a SERVER to do so much useless work that it can’t do its intended work. Rather, it’s more like a suicide loop — if it actually locks up the browser, running some impossible requests, you might have to just turn off the phone. (You might have to just receive a call, which could suspend the browser, just as effectively. YAY for no multitasking! ;^> )

    4. Let’s call it a Hopeless Task — legal, but beyond the capabilities of the nifty gizmo that some of us (not me, alas!) carry around. If this happens to you from visiting a web site, and you go back more than once, you’re a Slow Learner. That self-realization might be a Good Thing; a couple of minutes appears to be the extent of the damage that this little gem can inflict.

    5. My RAZR locks up ALL ON ITS OWN these days: I don’t need no script kiddy’s stuff.

    6. Until somebody shows that a failure to deliver memory to Safari leaves the browser in an unstable state (not a “dead” state), this thing has not crossed the threshold of being even a POTENTIAL EXPLOIT. It indicates that no computer has infinite resources. Perhaps some users would be happier with a slower computer that checks whether each step of a webpage is possible before it carries them out. Personally, I’ll risk having a faster browser which might require me to power-cycle my phone if I’m so unfortunate as to visit some page that wants to cause me a nuisance.

    7. So, iPhoneWorld, what’s the big deal? It’s a practical joke on the level of setting a bag full of doggie poo on fire, then ringing somebody’s doorbell. And it’s being written up as Yeah Those iPhones are buggy and virus-prone. Is this what you want to sell? Need a few more thousand eyeballs who are likely to think your ads are more believable than your editorial?

  • Franz

    I definitely agree Mr. Walt French. You guys really don’t have to put much stock on this – causing people to panic (though i believe panic is just what you want to stir up so that people will come in and read your articles).

    I’m a blogger too, and I really hate posting negative comments about writers on blog sites, but this news really struck a nerve in me. don’t you guys have any technical staff to confirm this news? if this is in fact what you call “remote execution DoS vulnerability”?

    come on, you’ve got to be kidding me. read the code, you posted it yourself. all this code really does is loop a thousand times and uses most of the memory on your phone/machine.

    yes, you do experience crashes, this is because, it hogs all the memory, it eats up a lot of it, faster than your machine can recycle/reuse it. but this is in no such way a DoS problem.

    a DoS is much more complicated than this. all you even have to do if you encounter this is to reboot your phone or close your browser whereas if you do get a DoS problem, rebooting won’t solve anything, in other words, you’re f*cked up!

    this is a prank, no other word for it. maybe that is why Apple didn’t comment on it right away. maybe they tried to look at the code, saw it and laugh their asses off about how you people made it such a big deal.

  • mjc

    Camino (10.4.10, v 1.5.5) has no problems.

    Ends up with a popup that says “The page at http://www.iphoneworld.ca says: done generating” and then opens a new tab and displays this:

    Copyright Georgi Guninski
    Cannot be used in vulnerability databases
    Especially securityfocus/mitre/cve/cert

  • http://www.iphoneworld.ca dennis

    Walt French / Frantz

    Not sure if you’re getting the point of this article. I won’t address all your questions/assumptions since some are completely silly and I am simply not paid to be your tech instructor.

    Here’s all I will say:

    1) This is a remotely executed code that does not require user input.
    2) It does not crash ONLY Safari, it completely locks up your iPhone INCLUDING all running and unsaved applications, forcing a reboot.
    3) Combine #1 + #2 and bingo, remote denial of service.
    4) Walt, this does NOT crash my machine which is an old one (only 1GB RAM, 2GHZ CPU) in *any* browser — maximum that happens when it runs on my computer is Safari freezes — FireFox and IE work just fine. I’d suggest you to troubleshoot your machine if IE freezes your computer. And I do sympathize with your RAZR crashing for no reason. Between the two, you might want to service your electronics better.
    5) Frantz, you need to look up the Wikipedia definition of DoS before you go ahead and invent your own.

    From Wikipedia, the free encyclopedia
    (Redirected from Denial of service)
    Jump to: navigation, search
    “DoS” redirects here. For other uses, see DOS (disambiguation).

    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

    Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.

    One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by:

    * forcing the targeted computer(s) to reset, or consume its resources so that it can no longer provide its intended service; or,
    * obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

    Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy. They also commonly constitute violations of the laws of individual nations.
    (see FAQ[1])

    Lastly, we have a resident security expert who first reported on this vulnerability to us, and we stand by these findings.

    Now you can keep arguing and bringing up your own assumptions and self invented definitions that no one is familiar with, but it won’t change a thing in the real world. Thanks for your time!

    Dennis

  • Thi Ha

    Well, it sure crashed my Safari 3.1 on the MacBook Pro, or rather, it made it very unresponsive and very difficult to make a force quit.

    However, in the iPod touch 1.1.4, nothing erroneous happened. Safari keeps trying to load it but it doesn’t crash either the browser or the iPod touch. I can easily tell Safari to stop loading it. I can also use the home button.

  • Jakob Peterhänsel

    Dennis,

    Ahh.. why are you aiming at Walt/Frantz when you can’t read the article you post/link to yourself?

    DoS is aimed at SERVERS, not ONE User loading ONE page on their own computer!

    It’s a BUG – yes, but DoS means that one or more computers are aiming at YOUR computer in an attempt to take its services down. And since there is NO HTTP server running on your iPhone/iTouch (unless you hacked it and started one yourself) it will not be possible to make a DoS against the iPhone.

    Only way I see it coming, is if you get bombed with SMS’s that crash your iPhone.. now THAT would be a DoS attack!

  • airmanchairman

    mjc: I Googled the name Georgi Guninski in Firefox, and McAfee Site Advisor instantly flagged up his site(s) [titled "Georgi" and "Exploder"] in the “Use Caution” category, listing 1 RED download in each site, which were the first 2 results of a simple Google search.

  • http://www.iphoneworld.ca dennis

    Jakob,

    Are you implying that DoS attacks cannot be executed against individual computers/other devices and by default have to be against servers?

    I’ll refer you to parts of the same Wikipedia article I’ve quoted from earlier, thanks.

    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

    A DoS attack can be perpetrated in a number of ways. There are five basic types of attack:

    1. consumption of computational resources, such as bandwidth, disk space, or CPU time;
    2. disruption of configuration information, such as routing information;
    3. disruption of state information, such as unsolicited resetting of TCP sessions;
    4. disruption of physical network components.
    5. obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
    ….
    A DoS attack may include execution of malware intended to:

    * max out the CPU’s usage, preventing any work from occurring;
    * trigger errors in the microcode of the machine;
    * trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up;
    * exploits errors in the operating system to cause resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished;
    * crash the operating system itself;
    * iFrame (D)DoS, in which an HTML document is made to visit a webpage with many KB’s of information many times, until they achieve the amount of visits to where bandwidth limit is exceeded.

    ..
    Various DoS-causing exploits such as buffer overflow can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.

    In online gaming, nuking is used by spamming another user, or all other users, with random repeated messages in quick succession. Such techniques are also seen in instant messaging programs as repeatedly sending text can be assigned to a macro or AppleScript. Modern operating systems are usually resistant to these nuke attacks, and online games now have third party “Flood control.”

    In case you still want to argue more, read: http://en.wikipedia.org/wiki/Denial_of_service

    I’m not going to respond anymore to people that don’t know how to read/understand Wikipedia articles — or until someone changes the Wikipedia entry, thanks :)

    If someone has something constructive to say, you’re quite welcome though:)

    Dennis

  • MarcoIac

    It crashed my Safari 3.1 running on 10.5.2 and MacBook Pro 2.16 Intel Core Duo. I had to force quit, and it was not easy, the computer was responding very slowly. I would suggest to stay away from it.

  • Vermilion

    Confirmed.

    Safari 3.1 (Mac OS X 10.5.2, Intel) displayed the text and then hung. I was still able to force quit Safari quite easily, though.

    iPhone 1.1.4 locked up. Hard. I had to do a hard reboot.

    Congratulations, guys. Make sure you keep One Infinite Loop in the loop.

  • me

    hey, when it locks up IE for 60 seconds before giving an out of memory error, why chastise a cell phone????

  • Greg

    Safari 3.1 beach-balled for me. While not technically a “crash,” I would consider it effective in its result.

  • N.o.y.B

    FireFox took a few seconds to load it just for some letters but didn’t do anything but say Copyright: bla bla bla

  • Mrdingodongo

    there is an add on that causes your iphone to lock up, it’s an app from cydia that closes all apps, it is called open activator, when a call is made it causes the screen to freeze/lock up and a reboot is required, remove this app and bingo no more lock ups…simples
