iPhone’s Safari Vulnerable To Denial of Service Attacks; Can Even Crash The iPhone

Radware’s vulnerability research team has discovered a denial of service (DoS) vulnerability in the iPhone’s web browser, Safari 1.1.4.  The DoS, once triggered, results in crashing the Safari browser and can even crash the entire iPhone device.

As per the research, if an iPhone user opens any HTML page which contains Javascript that can manifest this vulnerability, the user will experience an application level Denial of Service crashing the Safari browser.  This vulnerability to DoS attacks is due to a design flaw in Apple’s iPhone that starts off with a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector.

This loophole in the iPhone’s security is still open and will require Apple to issue an update to solve the problem.  At the same time. Radware has also announced the availability of a solution which will protect the iPhone from the DoS attacks triggered by exploiting this vulnerability.

Short URL: http://www.betadaily.com/?p=4505

Posted by Vikrant on Apr 15 2008. Filed under Technology. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry