Check out our picks for the hot Emerging Software Vendors from the 2009 Emerging Vendors survey.
Check out our picks for the hot Emerging Hardware Vendors from the 2009 Emerging Vendors survey.
Check out our picks for the hot Emerging Virtualization Vendors from the 2009 Emerging Vendors survey.
"The researchers who found the vulnerability were looking for a method to unlock the filesystem on iPhones with the latest firmware (1.1.3). Unlocking the file system allows the installing of custom ringtones and third party applications. With the last firmware version you could automatically unlock your iPhone by visiting a particular website with the Mobile Safari browser," Shah wrote.
The DoS vulnerability can be exploited by visiting the proof of concept page and clicking a button that will launch a warning and the exploit code will run. The iPhone is then unresponsive before rebooting a less than a minute later, Shah wrote.
"The DoS bug exploit is partially based on JavaScript code from the Month of Browser Bugs(MOBB). During the MOBB a group of security researchers released an exploit for a web browser vulnerability every single day. While the original exploit was targeted at desktop browsers, the modified version simply attempts to fill memory and crash the phone," he wrote. The bug will only prevent you from using the iPhone temporarily and doesn't steal data or permanently damage the iPhone. The proof of concept requires user interaction, by pressing the "Go" button that appears, but "a more malicious site could run the code without permission," he wrote.
"It's possible to avoid the DoS vulnerability, at the cost of not being able to access certain web applications. JavaScript can be disabled by going to Home, Settings, Safari."
Apple's Web site also shows users how to secure Safari.
Subscribe To This Feed
