According to IT Pro the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens a JavaScript containing HTML page which triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the iPhone itself.

The vulnerability actually lies with the Safari web browser that is used within the latest version 1.1.4 of the Apple iPhone software, and has been uncovered by integrated application delivery solutions outfit Radware which funnily enough is also offering a solution in the form of its own Security Update Service.

Radware warn that the vulnerability, which obviously has to have a user visiting an 'infected' web page using the iPhone in order to trigger the DoS attack, could be driven by a social engineering exploit using either email or SMS text messaging. The browser is vulnerable due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, according to Radware. This in turn can trigger a bug in the garbage collector, and the security hole is currently unpatched.

"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern" says the Security Operation Centre Manager at Radware, Itzik Kotler who continues "hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

10 Years
Discussion Span
Last Post by kumaran83
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.