Apr 15th, 2008, 6:36 pm
According to IT Pro, the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens an HTML page containing JavaScript that triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the iPhone itself.
The vulnerability actually lies with the Safari web browser that is used within the latest version, 1.1.4, of the Apple iPhone software. It has been uncovered by integrated application delivery solutions outfit Radware, which funnily enough is also offering a solution in the form of its own Security Update Service.
Radware warn that the vulnerability, which obviously requires a user to visit an 'infected' web page using the iPhone in order to trigger the DoS attack, could be driven by a social engineering exploit using either email or SMS text messaging. The browser is vulnerable due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, according to Radware. This in turn can trigger a bug in the garbage collector, and the security hole is currently unpatched.
"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern," says the Security Operation Centre Manager at Radware, Itzik Kotler, who continues: "hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".
- Davey Winder, staff writer aka happygeek