Original iPhone DoS vulnerability still around in iPhone firmware v1.1.4…
Posted by dennis on March 27th, 2008 at 10:02pm Comments
Recently we’ve decided to check up on a vulnerability originally discovered by Joshua Morin — it was the sort of code that would send iPhone’s Mobile Safari back to the Infinite Loop (for those that enjoy the puns).
Originally we’ve reported that the issue was present in v1.1.3 firmware and traced it as far back as to v1.0.2 firmware. It seems that Apple still did not fix this particular issue with the most recent v1.1.4 firmware update.
As a demonstration you may see the code of and try the exploit itself (note: trying the exploit below will crash your iPhone and possibly Safari browser. Shall you choose to proceed with it be ready to lose all unsaved information on your iPhone).
Upon clicking on a button after following the link to test page below your iPhone will crash. As such we do wonder how long it could take for Apple to patch each individual issue.
- download in a .txt file - safe to click.
- Crash-your-iPhone v1.1.4 test page! - unsafe to click on iPhone/iPod Touch/Safari
We could not get an Apple representative to comment, but one of our security expert sources stated “…the problem could rely deeper than Apple, it might be the manufacture. Thus the physical memory tied to the iPhone’s board...”
Related posts:
- New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page
- Remote iPhone Denial of Service vulnerability exploit attacks 16GB iPhones (and 32GB Apple iPod Touch)
- iPhone denial of service vulnerability discovered by McAfee (finally)
- Apple iPhone Safari browser memory exhaustion remote Denial of Service vulnerability discovered
- iPhone hacker finds iPhone (3G / original) vulnerability that can crash iPhone v2.1 firmware
Care to rate this iPhone World article? Current news rating:
(No Ratings Yet)
Loading ...Filed Under: News+ Tech News+ iPhone Hacks+ iPhone News
