DOS Flaw Identified in Apple’s iPhone
Blog writer at McAfee Avert Labs, Jimmy Shah, discovered vulnerability in the Safari browser of iPhone on February 20, 2008. The exploit could be used to establish a jailbreak for version 1.1.3 of firmware, as reported by iPhonematters on February 20, 2008.
At the time researchers found the flaw, they were seeking a method to open file system on iPhones in latest firmware version 1.1.3. Unlocked file systems permit to install third-party programs and tailored ringtones. With the latest firmware edition, anyone can unlock his iPhone by accessing a certain website, using the Safari browser.
Anyone can exploit the Denial-of-Service (DOS) vulnerability by viewing the page, containing the proof-of-concept code, and then pressing a key that will present an alert and the code will start running. The iPhone will then become unresponsive before restarting quickly.
The exploit does not allow the user to use his iPhone and suspend the functions of iPhone. But it neither steals the user's data nor cause permanent damage to the iPhone. However, for the proof-of-concept to work, the user must interact by pressing the "Go" key. But in that process, a malicious Website can execute the code even without acquiring consent.
In related news, security and engineering response team at Arbor has predicted that Apple's iPhone would become victim of a series of drive-by attacks in 2008. Some of these attacks apparently innocuous media embedded in malware will behave dangerously when viewed on this iPhone's Safari browser.
Related article: Dixie College Suffers Data Hack
» SPAMfighter News - 26-02-2008