Remote execution DoS exploits iPhone by simply loading a Web page

Summary: A new iPhone Safari remote execution DoS exploit will crash your iPhone by simply visiting a malicious page. David from iPhoneWorld claims that the exploit will crash iPhone's Safari browser and the desktop version of Safari as well.


The exploit is not new; it was refined from previously discovered code. The scary new development is that it doesn't require user intervention such as clicking on a button: just loading a Web page containing the malicious code will lock up your iPhone.

The vulnerability is confirmed to crash iPhone firmware 1.1.4 but we're sure about older firmware versions. When I clicked on the link on my 1.1.4, non-jailbroken iPhone, it opened a new browser window and the "loading" indicator in the top menu bar spun about three times and my iPhone locked up tighter than a drum. The spinner stopped spinning and my iPhone became completely unresponsive, forcing a reboot.

I also tested the code with Webkit v.3.0.4 and Safari 3 public beta and it crashed both with flying colors.

The exploit cannot be fixed until Apple updates the iPhone and iPod touch firmware. If you're worried about it you can disable JavaScript on your device.

The Safari exploit source code and a link to a test page are posted on iPhoneWorld. You have been warned!


About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....
