iPhone denial of service vulnerability discovered

One of the McAfee Avert Labs bloggers Jimmy Shah has found Denial of Service vulnerability in iPhones Safari browser.

"The researchers who found the vulnerability were looking for a method to unlock the file system on iPhones with the latest firmware (1.1.3). Unlocking the file system allows the installing of custom ringtones and third party applications. With the last firmware version you could automatically unlock your iPhone by visiting a particular website with the Mobile Safari browser," he wrote.



The DoS vulnerability can be exploited by visiting the proof of concept page and clicking a button that will launch a warning and the exploit code will run. The iPhone is then unresponsive before rebooting a less than a minute later, he said.

"The DoS bug exploit is partially based on JavaScript code from the Month of Browser Bugs(MOBB). During the MOBB a group of security researchers released an exploit for web browser vulnerability every single day. While the original exploit was targeted at desktop browsers, the modified version simply attempts to fill memory and crash the phone," he wrote. The bug will only prevent you from using the iPhone temporarily and doesn't steal data or permanently damage the iPhone. The proof of concept requires user interaction, by pressing the "Go" button that appears, but "a more malicious site could run the code without permission," he noted.

You can avoid such DoS vulnerability by disabling JavaScript byt going to Home>Settings>Safari. However you won’t be able to access certain web applications.

Thanks: crn