According to IT Pro the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens a JavaScript containing HTML page which triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the iPhone itself.
The vulnerability actually lies with the Safari web browser that is used within the latest version 1.1.4 of the Apple iPhone software, and has been uncovered by integrated application delivery solutions outfit Radware which funnily enough is also offering a solution in the form of its own Security Update Service.
Radware warn that the vulnerability, which obviously has to have a user visiting an 'infected' web page using the iPhone in order to trigger the DoS attack, could be driven by a social engineering exploit using either email or SMS text messaging. The browser is vulnerable due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, according to Radware. This in turn can trigger a bug in the garbage collector, and the security hole is currently unpatched.
"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern" says the Security Operation Centre Manager at Radware, Itzik Kotler who continues "hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".
