The Apple Core

Jason D. O'Grady & David Morgenstern
Home / News & Blogs / The Apple Core

Remote execution DoS exploits iPhone by simply loading a Web page

By | March 18, 2008, 5:09am PDT

Summary: A new iPhone Safari remote execution DoS exploit will crash your iPhone by simply visiting a malicious page. David from iPhoneWorld claims that the exploit will crash iPhone’s Safari browser and the desktop version of Safari as well. The exploit is not new, it was refined from previously discovered code. The scary new development is [...]

Remote execution DoS exploits iPhone by simply loading a Web pageA new iPhone Safari remote execution DoS exploit will crash your iPhone by simply visiting a malicious page. David from iPhoneWorld claims that the exploit will crash iPhone’s Safari browser and the desktop version of Safari as well.

The exploit is not new, it was refined from previously discovered code. The scary new development is that it doesn’t require user intervention, i.e. clicking on a button, just loading a Web page containing the malicious code will lock up your iPhone.

The vulnerability is confirmed to crash iPhone firmware 1.1.4 but we’re sure about older firmware versions. When I clicked on the link on my 1.1.4, non-jailbroken iPhone it opened a new browser window and the “loading” indicator in the top menu bar spun about three times and my iPhone locked up tighter than a drum. The spinner stopped spinning and my iPhone became completely unresponsive, forcing a reboot.

I also tested the code with Webkit v.3.0.4 and Safari 3 public beta and it crashed both with flying colors.

The exploit cannot be fixed until Apple updates the iPhone and iPod touch firmware. If you’re worried about it you can disable JavaScript on your device.

The Safari exploit source code is and a link to a test page is posted on iPhoneWorld. You have been warned!

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “The Apple Core”

Topics

Apple iPhone, Web, Apple Safari, DOS, Web Page, Jason D. O\'Grady

Jason O'Grady is a journalist and author specializing in mobile technology. He has published six books on Apple and mobile gadgets and his PowerPage blog has been publishing for over 15 years.

Disclosure

Jason D. O'Grady

Jason D. O'Grady is the creator and editor of O'Grady's PowerPage, which has been publishing mobile technology news since 1995. He maintains an advertising relationship with the following legacy advertisers on the PowerPage:

  • Amazon Associates
  • Google Adsense
  • Tekserve

    • Advertising on the PowerPage is brokered by a third-party agency (BackBeat Media) and he recuses himself from these negotiations.

Biography

Jason D. O'Grady

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984.

He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging. He has been a frequent speaker at the Macworld Expo conference and a member of the conference faculty. He also co-founded the first dedicated PowerBook User Group (PPUG) in the United States.

After winning a major legal battle with Apple in 2006, he set the precedent that independent journalists are entitled to the same protections under the First Amendment as members of the mainstream media.

O'Grady is the author of The Nexus One Pocket Guide, The Droid Pocket Guide, The Google Phone Pocket Guide, and The Garmin nuvi Pocket Guide (Peachpit Press), the author of Corporations That Changed the World: Apple Inc. (Greenwood Press), and a contributor to The Mac Bible (Peachpit Press). In addition, he has contributed to numerous Mac publications over the years, including MacWEEK, Macworld, and MacPower (Japan).

When he's not writing about Apple for ZDNet at The Apple Core, he enjoys spending time with his family in New Jersey.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
15
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Remote execution DoS exploits iPhone by simply loading a Web page
tomlin21-24319035676893835085146735905770 11th Oct
This could be considered nfl jerseys a fantastic,common perception small short article.Especially sensible to 1 that is certainly just acquiring the resouces about this piece.It is really about to most definitely advantage instruct me.
View in thread
0 Votes
+ -
The more you use it....
Mectron 18th Mar 2008
The more hackers and maleware pusher will find ways to exploit it. Apple product are in no way better then anythign else, the only thing different with apple products is the prices. And the iPhone is one of the most grossly overprice junkware apple have ever put on the marktet.
0 Votes
+ -
RE: Remote execution DoS exploits iPhone by simply loading a Web page
gskiii 18th Mar 2008
I'd be hard pressed to compare a javascript DoS attack to trojans installing spambots or keyloggers. Rebooting the device is all you have to do to fix it? Guess that would be a pain, since I haven't had to reboot my iPod Touch in what?, since the last firmware update?
0 Votes
+ -
Just the start?
GuidingLight 18th Mar 2008
the fact that this proves it is possible might be just the begining. In a few weeks their might be an exploit that delets your downloads, who knows?
0 Votes
+ -
fixed in Safari 3.1
pabugeater 18th Mar 2008
fixed in Safari 3.1
0 Votes
+ -
Classic Apple security!!
NonZealot 18th Mar 2008
iPhone malware: countless
Windows Mobile malware: 0

I don't care why the iPhone is attacked so much and why Windows Mobile is so safe and secure but it makes this decision a no brainer: stay away from the platform under daily attack by the hackers! happy
0 Votes
+ -
Windows Mobile: 0?
JakAttak 18th Mar 2008
Just google Windows Mobile exploits, Windows Mobile malware, etc. There's a ton of it out there. It's not nearly the problem it is on XP, but it's definitely out there.

Just do some simple research before making silly claims like that.
0 Votes
+ -
So what are the chances this message gets deleted?
rpmyers1 18th Mar 2008
There were at least two other responses to this that got canned. Will this one too?
0 Votes
+ -
Oops! Should it be the 'iPwnd' now?
Scrat 18th Mar 2008
...
0 Votes
+ -
Not "vulnerability," "DoS" or "exploit." Just doggie poo.
WaltFrench@... 19th Mar 2008
Take a look at the simple script: it makes some nonsense
strings, then concatenates them so that the they use up more
memory than ANY phone would have available.

It crashed my work IE(6?). But it'd generally be hard to tell if it
had locked up the browser, or just busied it out, on a desktop.

This is an "exploit" only in that you visit a page that has the
script, your browser will be busy until it gives up somehow. No
suggestion that it could make your browser do anything except
make you have to power-cycle your browser. Although it
probes along the lines that real exploits do, there's NO SIGN of
it being able to do anything than busy out your phone.

Ergo, NOT really a Denial-of-Service. Not an "exploit." More
like a stupid practical joke -- putting doggie poo in a paper
bag on your neighbor's doorstep, lighting it and ringing the
doorbell. Pretty far removed from ANY "security" concern.

Hence, a non-story. Slow eyeball-whoring day?
0 Votes
+ -
Not very surprising, but still an issue
a.barry@... 19th Mar 2008
This is one reason why sites which accept user contributed content should prohibit free-form html! The only malicious use I can think of is "poisoning" someones blog or wiki or forum.

I have to admit that this "exploit" is not surprising. Writing a program to run out of memory is almost as easy as writing a program to use up an infinite amount of time (I.E infinite loop). Many programmers have written one, usually without trying to.

It's still an issue though. The browser should have halted the Javascript interpreter long before it became unstable. There are lots of well-intentioned ways a page could run out of memory, such as fetching an enormous dataset through Ajax, or a memory leak. One should be able to set both a maximum time and maximum memory allocation for the javascript interpreter, and these limits should be respected.
0 Votes
+ -
Not just a Safari issue...
iMouse 19th Mar 2008
This also happens in Firefox 2.0.0.12 and the new Firefox 3 beta. The exploit appears to cause a memory leak where the real memory usage of the browser exceeds a reasonable amount. For the iPhone, once its 256MB of on-board RAM is gone, the browser essentially takes down the whole OS in less than 10 seconds. I'm sure this would also be the case with any Mac running in conditions where low physical RAM is available. For those with plenty of RAM, it would only be a matter of time.

Before the author goes off on a rant about insecurities in Safari (or any other Apple product for that matter), maybe he should test other platforms and browsers for similar issues...
0 Votes
+ -
OS X is a fantastic OS!!
NonZealot 19th Mar 2008
the browser essentially takes down the whole OS in less than 10 seconds

Wait a second here. Since the iPhone is running OS X, what you are saying is that OS X is so poorly coded that a memory leak in a user mode application can bring down the entire OS!?! WOW! That is BAD!
0 Votes
+ -
Safari crashes
MinorityReport 21st Mar 2008
OS X doesn't (well not here anyway)
0 Votes
+ -
Funny
MinorityReport 21st Mar 2008
I tested this in Firefox 2.0.0.12 on OS X 10.4.11 (after I'd disabled NoScript).

The page took a long time to load but never crashed either the browser or the computer.
0 Votes
+ -
RE: Remote execution DoS exploits iPhone by simply loading a Web page
tomlin21-24319035676893835085146735905770 11th Oct
This could be considered nfl jerseys a fantastic,common perception small short article.Especially sensible to 1 that is certainly just acquiring the resouces about this piece.It is really about to most definitely advantage instruct me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix