Safari Vulnerability Leaves Apple iPhone Open To Attack


Security experts say that the design flaw, which was detected by researchers at application delivery solutions company Radware earlier this week, triggers a series of memory allocation operations on the memory pool, which in turn triggers another bug in the garbage collector.

To exploit the vulnerability, an attacker would have to get a user to open a malicious HTML page containing JavaScript, usually through some kind of social engineering tactic such as a phishing e-mail. Researchers said that in a worst-case scenario, the user will experience an application-level denial-of-service attack that could result in a complete crash of the Safari browser. The crashed browser could ultimately escalate the malfunction to the point of paralyzing the entire iPhone appliance.

Researchers at Radware said that every time the iPhone crashes, it creates a log file dump, resulting in a situation where the entire memory of the device is consumed. Because iTunes, the official interface of the iPhone/iPod, does not allow file system navigation, most users won't be able to fix it by themselves, said Radware.

"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern," said Itzik Kitler, Radware security operation center manager, in a written statement. "Hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products."

So far, the vulnerability is only in the proof-of-concept stage and has not yet been exploited in the wild. However, that will likely change as the iPhone becomes more popular and its market share increases, experts say.

"Though it looks like a nuisance, the fact is that a more sophisticated hacker could use iPhone vulnerabilities to shut services down or install malware," said Ron Meyran, product marketing manager for Radware, via e-mail from Israel. "iPhone is about user mobility, which in turn exposes users to attacks and bypasses the security perimeter deployed by enterprises."