iPhone Denial of Service Vulnerability

Radware today discovered the iPhone Safari browser is vulnerable to denial of service attack. The specific model being tested was the Apple iPhone1.1.4.

In order to experience this problem a user must browse to a website containing malicious Javascript code. Once there, the code can trip up the browser and iPhone — making it crash.

According to Radware, the Apple iPhone Safari browser is vulnerable to DoS attacks due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector. The security hole is currently unpatched, leaving iPhone owners vulnerable to potential attacks until Apple issues a security update.

Assuming virus writers decide to exploit such security holes we may run into a situation where handheld device makers will have to ensure their devices have enough memory to handle endless security patches. Just as laptop and desktop computers get slower over time due to endless security program updates, internet connected gadgets will likely have similar issues.

In such a scenario, the winners will be the security software writers and gadget makers as users will likely be forced to upgrade their devices on a regular basis to ensure their handheld computers are responsive.

[Press release]

    Leave Your Comment