Remote execution DoS exploits iPhone by simply loading a Web page

Summary: A new iPhone Safari remote execution DoS exploit will crash your iPhone by simply visiting a malicious page. David from iPhoneWorld claims that the exploit will crash iPhone's Safari browser and the desktop version of Safari as well.


The exploit is not new; it was refined from previously discovered code. The scary new development is that it doesn't require user intervention (i.e., clicking on a button); just loading a Web page containing the malicious code will lock up your iPhone.

The vulnerability is confirmed to crash iPhone firmware 1.1.4 but we're sure about older firmware versions. When I clicked on the link on my 1.1.4, non-jailbroken iPhone it opened a new browser window and the "loading" indicator in the top menu bar spun about three times and my iPhone locked up tighter than a drum. The spinner stopped spinning and my iPhone became completely unresponsive, forcing a reboot.

I also tested the code with Webkit v.3.0.4 and Safari 3 public beta and it crashed both with flying colors.

The exploit cannot be fixed until Apple updates the iPhone and iPod touch firmware. If you're worried about it you can disable JavaScript on your device.

The Safari exploit source code and a link to a test page are posted on iPhoneWorld. You have been warned!


Talkback

14 comments
  • The more you use it....

    The more hackers and malware pushers will find ways to exploit it. Apple products are in no way better than anything else; the only thing different with Apple products is the prices. And the iPhone is one of the most grossly overpriced junkware Apple has ever put on the market.
    Mectron
  • RE: Remote execution DoS exploits iPhone by simply loading a Web page

    I'd be hard pressed to compare a javascript DoS attack to trojans installing spambots or keyloggers. Rebooting the device is all you have to do to fix it? Guess that would be a pain, since I haven't had to reboot my iPod Touch in what?, since the last firmware update?
    gskiii
    • Just the start?

      The fact that this proves it is possible might be just the beginning. In a few weeks there might be an exploit that deletes your downloads, who knows?
      GuidingLight
      • fixed in Safari 3.1

        fixed in Safari 3.1
        pabugeater
  • Classic Apple security!!

    iPhone malware: countless
    Windows Mobile malware: 0

    I don't care why the iPhone is attacked so much and why Windows Mobile is so safe and secure but it makes this decision a no brainer: stay away from the platform under daily attack by the hackers! :)
    NonZealot
    • Windows Mobile: 0?

      Just google Windows Mobile exploits, Windows Mobile malware, etc. There's a ton of it out there. It's not nearly the problem it is on XP, but it's definitely out there.

      Just do some simple research before making silly claims like that.
      JakAttak
      • So what are the chances this message gets deleted?

        There were at least two other responses to this that got canned. Will this one too?
        rpmyers1
  • Oops! Should it be the 'iPwnd' now? <NT>

    ...
    Scrat
  • Not "vulnerability," "DoS" or "exploit." Just doggie poo.

    Take a look at the simple script: it makes some nonsense
    strings, then concatenates them so that they use up more
    memory than ANY phone would have available.

    It crashed my work IE(6?). But it'd generally be hard to tell if it
    had locked up the browser, or just busied it out, on a desktop.

    This is an "exploit" only in that you visit a page that has the
    script, your browser will be busy until it gives up somehow. No
    suggestion that it could make your browser do anything except
    make you have to power-cycle your browser. Although it
    probes along the lines that real exploits do, there's NO SIGN of
    it being able to do anything than busy out your phone.

    Ergo, NOT really a Denial-of-Service. Not an "exploit." More
    like a stupid practical joke -- putting doggie poo in a paper
    bag on your neighbor's doorstep, lighting it and ringing the
    doorbell. Pretty far removed from ANY "security" concern.

    Hence, a non-story. Slow eyeball-whoring day?
    WaltFrench
  • Not very surprising, but still an issue

    This is one reason why sites which accept user contributed content should prohibit free-form html! The only malicious use I can think of is "poisoning" someone's blog or wiki or forum.

    I have to admit that this "exploit" is not surprising. Writing a program to run out of memory is almost as easy as writing a program to use up an infinite amount of time (i.e., an infinite loop). Many programmers have written one, usually without trying to.

    It's still an issue though. The browser should have halted the Javascript interpreter long before it became unstable. There are lots of well-intentioned ways a page could run out of memory, such as fetching an enormous dataset through Ajax, or a memory leak. One should be able to set both a maximum time and maximum memory allocation for the javascript interpreter, and these limits should be respected.
    a.barry@...
  • Not just a Safari issue...

    This also happens in Firefox 2.0.0.12 and the new Firefox 3 beta. The exploit appears to cause a memory leak where the real memory usage of the browser exceeds a reasonable amount. For the iPhone, once its 256MB of on-board RAM is gone, the browser essentially takes down the whole OS in less than 10 seconds. I'm sure this would also be the case with any Mac running in conditions where low physical RAM is available. For those with plenty of RAM, it would only be a matter of time.

    Before the author goes off on a rant about insecurities in Safari (or any other Apple product for that matter), maybe he should test other platforms and browsers for similar issues...
    iMouse
    • OS X is a fantastic OS!!

      "the browser essentially takes down the whole OS in less than 10 seconds"

      Wait a second here. Since the iPhone is running OS X, what you are saying is that OS X is so poorly coded that a memory leak in a user mode application can bring down the entire OS!?! WOW! That is BAD!
      NonZealot
      • Safari crashes

        OS X doesn't (well not here anyway)
        MinorityReport
    • Funny

      I tested this in Firefox 2.0.0.12 on OS X 10.4.11 (after I'd disabled NoScript).

      The page took a long time to load but never crashed either the browser or the computer.
      MinorityReport
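a.barry's comment above asks for a maximum run time and a maximum memory allocation on script execution, and iMouse's comment describes what happens without them. The following is an added example, not code from the article, iPhoneWorld or any browser: a Node.js process-level analogue that runs a script in a child process under a V8 heap cap and a wall-clock deadline. The name `runWithLimits` and the three sample scripts are constructed for illustration.

```javascript
// Added example: enforce a time limit and a memory limit on script execution.
const { spawnSync } = require('node:child_process');

// Constructed sample inputs standing in for scripts delivered by a page.
const BENIGN = 'console.log(6 * 7)';
// Keeps allocating and never releases anything (runaway memory use).
const MEMORY_HOG = 'const keep = []; for (;;) keep.push(new Array(1e5).fill(0));';
// Never hands control back to the host (runaway CPU use).
const BUSY_LOOP = 'for (;;) {}';

// Runs `source` in a separate Node.js process so that a runaway script can
// only exhaust its own capped heap and its own time budget, not the host's.
function runWithLimits(source, { maxHeapMb = 32, timeoutMs = 5000 } = {}) {
  const res = spawnSync(
    process.execPath,
    [`--max-old-space-size=${maxHeapMb}`, '-e', source],
    { timeout: timeoutMs, killSignal: 'SIGKILL', encoding: 'utf8' }
  );
  // Deadline reached: spawnSync killed the child and reports ETIMEDOUT.
  if (res.error && res.error.code === 'ETIMEDOUT') return { verdict: 'time-limit' };
  if (res.error) return { verdict: 'error', detail: res.error.message };
  if (res.status === 0) return { verdict: 'ok', output: res.stdout.trim() };
  // V8 aborts the child with a "heap out of memory" fatal error at the cap.
  const stderr = String(res.stderr || '');
  if (/heap out of memory/i.test(stderr)) return { verdict: 'memory-limit' };
  return { verdict: 'error', detail: stderr.split('\n')[0] };
}

// The host process stays responsive and gets a verdict for every script.
const samples = [
  ['benign', BENIGN, {}],
  ['memory hog', MEMORY_HOG, { maxHeapMb: 32, timeoutMs: 20000 }],
  ['busy loop', BUSY_LOOP, { timeoutMs: 500 }],
];
for (const [name, src, opts] of samples) {
  console.log(name, '->', runWithLimits(src, opts).verdict);
}
```

Both limits are needed: the heap cap does nothing against the busy loop, and the deadline alone would let the memory hog grow until the timer fires.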