New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page
Posted by David on March 18th, 2008 at 04:43am Comments
iPhone is supposed to be a pretty secure platform — or so Apple tried to design it. However, nothing is perfect. And so, yet another “iPhone compatible” Safari exploit has been discovered, which is actually more dangerous on your iPhone or iPod Touch than on the computer. When executed it either locks up your iPhone/iPod Touch, or crashes the Safari browser on your Mac/PC computer (you decide which is worse).
This is not an entirely new code; apparently, it was refined from a previously discovered exploit. But as opposed to the exploit that we previously covered, there’s no need to press any buttons — your iPhone will lock up after simply visiting a page that contains the malicious code in question. As such, this can be classified as remote execution DoS vulnerability, which is already a notch above the previously discovered exploit.

The vulnerability was tested and found to be working with iPhone firmware v1.1.4 on our side, but it’s more than likely that it will crash older firmware versions of iPhone as well (please leave us a comment if you’ll test it with some previous firmware versions).
As usual, this exploit cannot be fixed until Apple releases the next firmware upgrade — so your only solution to it for now is to disable JavaScript on your iPhone or iPod Touch.
The exploit’s source code is below, while we’ve also set up a test page for everyone to enjoy (keep in mind that it will completely lock up your iPhone, so do expect to lose any open application data. Oh yes, and we’re not responsible for anything happening — or not happening — if you do open the test page).
Download Link: New iPhone Safari exploit source code. (safe to download, code in text format)
Test Link: Wanna crash your iPhone? Click here! (warning: just loading this page will lock up your iPhone or iPod Touch, or crash Safari on Mac/PC computers)
UPDATE: It appears that this vulnerability was eliminated in the latest version of Safari for computers (v3.1), that came out several hours after this article was posted. Here’s to hoping that a firmware upgrade with a similar fix for iPhone’s Mobile Safari is coming soon.
Related posts:
- Remote iPhone Denial of Service vulnerability exploit attacks 16GB iPhones (and 32GB Apple iPod Touch)
- Another iPhone DoS exploit discovered, maybe?
- Apple iPhone Safari browser memory exhaustion remote Denial of Service vulnerability discovered
- Original iPhone DoS vulnerability still around in iPhone firmware v1.1.4…
- iPhone denial of service vulnerability discovered by McAfee (finally)
Care to rate this iPhone World article? Current news rating:
Filed Under: News+ Tech News+ iPhone Hacks+ iPhone News
-
MJ420
-
dennis
-
Steve Lidie
-
Siergiej
-
Newfari
-
Ben
-
Brad
-
ben
-
Mark S.
-
Tom
-
Walt French
-
Franz
-
mjc
-
dennis
-
Thi Ha
-
Jakob Peterhänsel
-
airmanchairman
-
dennis
-
MarcoIac
-
Vermilion
-
me
-
Greg
-
N.o.y.B






















