Radware, who produce enterprise protection software, are claiming to have identified a Denial of Service (DoS) flaw in the iPhone’s mobile Safari browser.  While not yet seen in the wild, the bug is triggered by a Javascript command on a webpage - which Radware propose would be linked to via a spam email or SMS message - and could conclusion in Safari crashing or even the iPhone itself becoming unstable.  The flaw is present in Apple’s latest publicly available firmware, version 1.1.4, though it is uncertain whether Firmware 2.0 is similarly affected.

The exploit works through what Radware are calling a design flaw in mobile Safari, whereby multiple memory allocation operations on the dynamic memory pool trigger a bug in the rubbish collector.  There doesn’t seem to

be a lasting impact on the cellphone - switching it off and soon after on again should reset it - but I can see how that might be less than reassuring to your IT manager at work. 

Apple are yet to address the issue, and Radware would very much like you to buy their safety measure software to prevent against it.  Of course, the obvious advice is - just like browsing the World Wide Web anywhere else - to not visit on hyperlinks from sources you don’t trust, to be cautious about random looking sites and to generally be sensible.  Though that wouldn’t manufacture Radware any money, I suppose.

[via GigaOM]

 

Original post by Chris Davies