iPhone Safari DoS bug discovered

Radware, who produce enterprise security software, are claiming to have identified a Denial of Service (DoS) flaw in the iPhone’s mobile Safari browser.  While not yet seen in the wild, the bug is triggered by a Javascript command on a webpage - which Radware suggest would be linked to via a spam email or SMS message - and could result in Safari crashing or even the iPhone itself becoming unstable.  The flaw is present in Apple’s latest publicly available firmware, version 1.1.4, though it is uncertain whether Firmware 2.0 is similarly affected.

The exploit works through what Radware are calling a design flaw in mobile Safari, whereby multiple memory allocation operations on the dynamic memory pool trigger a bug in the garbage collector.  There doesn’t seem to be a lasting impact on the cellphone - switching it off and then on again should reset it - but I can see how this might be less than reassuring to your IT manager at work. 

Apple are yet to address the issue, and Radware would very much like you to buy their security software to prevent against it.  Of course, the obvious advice is - just like browsing the internet anywhere else - to not click on links from sources you don’t trust, to be cautious about random looking sites and to generally be sensible.  Though that wouldn’t make Radware any money, I suppose.

[via GigaOM]

 

Written by Chris Davies. Read more great feeds at is source WEBSITE
with no comments.
Read more articles on Safari Browser and Security and iPhone and iPhone archive.

• [+] Digg: Feature this article
• [+] Del.icio.us: Bookmark this article
• [+] Furl: Bookmark this article

Related articles

• iPhone 3G makes it easier to download…porn? (June 24th, 2008)
• New version of Google Reader available for iPhone (May 13th, 2008)
• Muxtape now available on iPhone (May 12th, 2008)
• Saving images from email attachments supported in iPhone Firmware 2.0 Beta 3 (April 22nd, 2008)
• Latest firmware for iPhone allows image saving from Safari (April 15th, 2008)