March 18, 2008 10:14 AM PDT

Web code locks up iPhones and iPod Touch

Posted by Robert Vamosi

A new exploit will either lock up your iPhone or iPod Touch or crash your Safari browser on your PC or Mac OS desktop if you simply visit a maliciously coded Web site. Unlike an earlier exploit that required users to click to become infected, the new code published by iPhoneWorld requires no user interaction.

So far, Apple has had no comment.

The code was first reported in January and exhausts the memory in Safari, which in turn will cause your iPhone or iPod Touch to freeze, or your desktop Safari to crash. "Given the nature of this issue," said the BugTraq newsgroup vulnerability report, "remote code execution may also be possible, but this has not been confirmed."

There is no patch available from Apple. The recommended workaround is to disable Javascript within Safari. To do so:

    1. Under Edit, click Preferences.
    2. Click the Security icon.
    3. Uncheck Enable JavaScript.
    4. Close and restart Safari.
Topics:

Security

Tags:

security,

Apple,

Iphone,

Ipod Touch,

Safari,

memory exhaustion,

DoS,

crash,

iPhoneWorld

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
Column: Raising Cain at Black Hat
Black Hat 2008: Notes from the field
Column: Finally, ID fraud protection that works
Column: Will you be ditching your antivirus app anytime soon?
A real simple answer to password protection
Add a Comment (Log in or register) 16 comments
Interesting but....
by mreiher March 18, 2008 10:25 AM PDT
Since January huh? Must not be too bad... I have yet to have any
trouble with Safari or my iPhone... both are used daily and often.
But then again, I don't visit the kind of sites that might bring on
this sort of attack either. Maybe this report is a little overstated?
Reply to this comment View all 2 replies
Which version(s) of Safari?
by henebry March 18, 2008 11:00 AM PDT
Apple just released version 3.1 of Safari for Macs and PCs. Does the
exploit work with the new release?

Does it work on the older 2.x Safari as well? What about 1.x?
Reply to this comment View all 3 replies
I love it !!!
by AppleSuxLeo March 18, 2008 7:30 PM PDT
now that Apple has a product that is a big target , we get to see just how INSECURE OSX really is.
It will be fun seeing how Apple and it`s fanboys try and spin all the attacks that are just starting , and there will be many more to come.
Reply to this comment View all 3 replies
LOCK UP STORY
by flyboy15 March 18, 2008 10:07 PM PDT
yes i think this is what happend to me yesterday, the iphone started working slowly, when i was checking the stocks, after that it froze when i checked the wheather, and after that none of the buttons would work, so i turned off and turned it back on. the next was that it told me to connect it to itunes. when i did it told me it had a error and i need to take it to apple store....
Reply to this comment
FIXED in Safari 3.1
by whosawhatsit March 19, 2008 5:23 AM PDT
Gotta love Apple for being prompt!
Reply to this comment
funny how I'm typing this on an archos 605.
by emoslayer6224 March 22, 2008 8:39 AM PDT
that's why I'm using this. Fame means threats.
Reply to this comment
Fantastic, but no mention for ipod touch or iphone
by thesplintercell March 22, 2008 7:09 PM PDT
?? i think your column is missing something...
mentioned ipod touch and iphone, but your only focus was with the computer-versions of safari...
Reply to this comment
Powered by Jive Software
advertisement

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Latest tech news headlines

Featured blogs

Resource center from News.com sponsors
Same great protection. Reengineered for speed.
Norton Internet Security™2008

Click Here!
Norton still delivers award-winning protection and now uses 83% less memory and scans 48% faster than the competitor average. Get a FREE trial today!

Click Here!
Norton Beats the Competition

See how Norton Internet Security™2008 uses less memory, while scanning and booting faster than the competitor average.

Norton Protection Blog

Read the latest from our security experts as they help protect people from evolving online threats.

Protect Your Bluetooth Connection

Don't let fraudsters sink their teeth into your Bluetooth connection.

Vishing - What you need to know

Meet the latest ID theft scam: Voice Phishing.

Take Norton for a Test Drive Today!

Act now to get your FREE trial of Norton Internet Security 2008.

advertisement
advertisement
Click Here

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET