New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page
March 18, 2008 by David
iPhone is supposed to be a pretty secure platform — or so Apple tried to design it. However, nothing is perfect. And so, yet another “iPhone compatible” Safari exploit has been discovered, which is actually more dangerous on your iPhone or iPod Touch than on the computer. When executed it either locks up your iPhone/iPod Touch, or crashes the Safari browser on your Mac/PC computer (you decide which is worse).
This is not entirely new code; apparently, it was refined from a previously discovered exploit. But unlike the exploit that we previously covered, there’s no need to press any buttons — your iPhone will lock up after simply visiting a page that contains the malicious code in question. As such, this can be classified as a remote execution DoS vulnerability, which is already a notch above the previously discovered exploit.

The vulnerability was tested and found to be working with iPhone firmware v1.1.4 on our side, but it’s more than likely that it will crash older firmware versions of iPhone as well (please leave us a comment if you test it with some previous firmware versions).
As usual, this exploit cannot be fixed until Apple releases the next firmware upgrade — so your only solution to it for now is to disable JavaScript on your iPhone or iPod Touch.
The exploit’s source code is below, while we’ve also set up a test page for everyone to enjoy (keep in mind that it will completely lock up your iPhone, so do expect to lose any open application data. Oh yes, and we’re not responsible for anything happening — or not happening — if you do open the test page).
Download Link: New iPhone Safari exploit source code. (safe to download, code in text format)
Test Link: Wanna crash your iPhone? Click here! (warning: just loading this page will lock up your iPhone or iPod Touch, or crash Safari on Mac/PC computers)
UPDATE: It appears that this vulnerability was eliminated in the latest version of Safari for computers (v3.1), which came out several hours after this article was posted. Here’s to hoping that a firmware upgrade with a similar fix for iPhone’s Mobile Safari is coming soon.