Safari DoS vulnerability could crash your Apple iPhone
Please support our Hardware and Software advertiser: Programming Forums
Apr 15th, 2008, 6:36 pm
According to IT Pro the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens a JavaScript containing HTML page which triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the iPhone itself.
The vulnerability actually lies with the Safari web browser that is used within the latest version 1.1.4 of the Apple iPhone software, and has been uncovered by integrated application delivery solutions outfit Radware which funnily enough is also offering a solution in the form of its own Security Update Service.
Radware warn that the vulnerability, which obviously has to have a user visiting an 'infected' web page using the iPhone in order to trigger the DoS attack, could be driven by a social engineering exploit using either email or SMS text messaging. The browser is vulnerable due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, according to Radware. This in turn can trigger a bug in the garbage collector, and the security hole is currently unpatched.
"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern" says the Security Operation Centre Manager at Radware, Itzik Kotler who continues "hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".
The vulnerability actually lies with the Safari web browser that is used within the latest version 1.1.4 of the Apple iPhone software, and has been uncovered by integrated application delivery solutions outfit Radware which funnily enough is also offering a solution in the form of its own Security Update Service.
Radware warn that the vulnerability, which obviously has to have a user visiting an 'infected' web page using the iPhone in order to trigger the DoS attack, could be driven by a social engineering exploit using either email or SMS text messaging. The browser is vulnerable due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, according to Radware. This in turn can trigger a bug in the garbage collector, and the security hole is currently unpatched.
"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern" says the Security Operation Centre Manager at Radware, Itzik Kotler who continues "hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".
•
•
•
•
This blog entry was written by Davey Winder, staff writer aka happygeek. It has been filed under the Hardware and Software category. It has received 1,623 views, 1 comment(s), and 19 linkbacks. It was promoted to featured news status Apr 15th, 2008.
kumaran83 | Newbie Poster | Aug 29th, 2008
•
•
•
•
I don't know why people are suffering with unlocking and all the blah blah with apple iphone.
I have a Pocket PC, I used a iphone theme (http://www.iphonethemeforpocketpc.com/) and everything worked like a magic to me. Now I'm having the iphone experience in my Pocket PC.
I have a Pocket PC, I used a iphone theme (http://www.iphonethemeforpocketpc.com/) and everything worked like a magic to me. Now I'm having the iphone experience in my Pocket PC.
Related Blog Entries
- Will Moonfruit destroy Twitter? (15 Hours Ago)
- Yahoo Announces 'Green' Data Center Powered by Niagara Falls (3 Days Ago)
- Neverland is Your Virtual Linux Playground (3 Days Ago)
- Pink iPhone 3GS is hot stuff (3 Days Ago)
- Sarah Palin Hacked Off (4 Days Ago)