Remote execution DoS exploits iPhone by simply loading a Web page

The exploit is not new, it was refined from previously discovered code. The scary new development is that it doesn't require user intervention, i.e. clicking on a button, just loading a Web page containing the malicious code will lock up your iPhone.

The vulnerability is confirmed to crash iPhone firmware 1.1.4 but we're sure about older firmware versions. When I clicked on the link on my 1.1.4, non-jailbroken iPhone it opened a new browser window and the "loading" indicator in the top menu bar spun about three times and my iPhone locked up tighter than a drum. The spinner stopped spinning and my iPhone became completely unresponsive, forcing a reboot.

I also tested the code with Webkit v.3.0.4 and Safari 3 public beta and it crashed both with flying colors.

The exploit cannot be fixed until Apple updates the iPhone and iPod touch firmware. If you're worried about it you can disable JavaScript on your device.

The Safari exploit source code is and a link to a test page is posted on iPhoneWorld. You have been warned!