toggle

iPhone denial-of-service bug surfaces

updated 11:25 am EST, Thu February 7, 2008

iPhone DoS surfaces


An exploit for Apple's iPhone has surfaced that can crash the device when unsuspecting users visit a maliciously crafted Web page. SecurityFocus notes that successful attacks cause a kernel panic, crashing the iPhone which could ultimately lead to remote code execution. The firm states that iPhone firmware version 1.1.2 and 1.1.3 are both affected, and suggest that other versions may also be vulnerable.

Apple Mobile Safari 0 is vulnerable to the denial-of-service attack, which results from a failure to handle exceptional conditions. The security hole is currently unpatched, leaving iPhone owners vulnerable to potential attacks until Apple issues a security update.


by MacNN Staff

print
email
(7)

TAGS : 

iPhone, security, exploit

Related Articles

Recent Articles


toggle

Comments

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    0
    02/07, 11:42am | report spam | Reply |

    yay!

    Yaaaay, proper jailbreakme.com exploit for 1.1.3, here we come!

  1. jhawk95

    Fresh-Faced Recruit

    Joined: Oct 2006

    0
    02/07, 12:15pm | report spam | Reply |

    The Sky Is Falling!!!!!

    The Sky is Falling! The Sky is Falling!!

    Here we go again! IF you visit a site, and IF you puch the one key and the off button at the same time, and IF you stand on your head and shout "I'm the kinkg of the world"..... then someone might take over your iPhone.

    Give us a site where this happens and tell us how many people have been affected by this or SHUT UP already!

  1. ViktorCode

    Fresh-Faced Recruit

    Joined: Jan 2006

    0
    02/07, 12:32pm | report spam | Reply |

    old stuff

    We've seen this stuff on 24 of January, first time the bug was discovered. The only news is "security experts" somehow got their hands on a locked iPhone, patched it to 1.1.3 and confirmed the bug works there as well.

    Just don't ask them why they couldn't provide a proof of concept exploit that is actually able to take over iPhone, not crash it.

  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999

    0
    02/07, 12:33pm | report spam | Reply |

    maliciously crafted...

    Just exactly what kind of pages are "maliciously crafted" as if we didn't know! If you choose to trawl the underbelly of the internet you're bound to find something unpleasant. It's classic parental advice..."Stay on the well lit streets"! I'm guessing the material found on such web-sites looks pretty good on the iPhone's screen. Does touching work?

  1. ajhoughton

    Fresh-Faced Recruit

    Joined: Mar 2004

    0
    02/07, 12:41pm | report spam | Reply |

    not a denial of service

    A denial of service is an ongoing attack that "denies service"; i.e. it prevents you from using something until the attack ceases. This does not do that, and it is therefore not a denial of service. It is a crash.

    "DoS" may *sound* cool, but it shouldn't be applied willy-nilly.

  1. Robb

    Fresh-Faced Recruit

    Joined: Feb 2000

    0
    02/07, 12:46pm | report spam | Reply |

    good to know...

    This article is actually pretty straight forward; DOS bug that can cause your iPhone to crash when visiting a malicious site, currently un-patched. No hype. No sensationalism. We've seen worse reporting.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    02/07, 03:53pm | report spam | Reply |

    Re: not a DOS

    A denial of service is an ongoing attack that "denies service"; i.e. it prevents you from using something until the attack ceases. This does not do that, and it is therefore not a denial of service. It is a crash.

    Actually, that's just one way to create a Denial of Service. By definition, a DOS attack/exploit is just that, an attack/exploit that makes the device unresponsive.

    The classic way is to pound a system with network traffic so valid traffic is unable to get through. But you can also create a DOS scenario by causing a computer to eat up CPU cycles, or just crash the system. If you've ever had a runaway process that makes the whole system virtually unusable, that's a DOS (though it may not be an attack).

    By crashing the phone (or computer, server, car, etc), you are, in affect, denying service of the device.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 
toggle

Popular News