iPhone vulnerable to DoS attack

By Ian Williams on Apr 17, 2008 10:10 AM
Filed under Web/client

A security firm claims to have uncovered a denial-of-service vulnerability in version 1.1.4 of Apple's Safari web browser for the iPhone.

Radware said that the phone is vulnerable to DoS attacks owing to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector.

"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern," said Itzik Kotler, security operation centre manager at Radware.

"Hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products."

To exploit the vulnerability, an iPhone user must open an HTML page which contains JavaScript that manifests this vulnerability.

Once at the site, an application-level DoS attack crashes the Safari browser and could go as far as crashing the iPhone completely.

Users could be lured to sites containing this attack via links in spam messages or other social engineering techniques.

It is unclear whether the fault can cause any permanent damage to the phone or is simply a nuisance.

iphone dos, attack iphone, security iphone

Ads by Google

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register

comments powered by Disqus