Malicious website can lock up iPhone/iPod Touch and crash Safari
A new exploit circulating around for the iPhone/iPod Touch requires no user interaction to execute. Websites with specifically written code are able to lock up your iPhone or iPod Touch and can crash your PC or Mac running Safari.
Most versions of Safari are vulnerable to the exploit including the version that runs on the iPhone or iPod Touch. The exploit basically overruns the memory allocated to Safari and will your iPhone or iPod Touch to lock up or Safari on your desktop computer to crash.
According to Cnet, remote code execution may be possible but has not been confirmed at this time. This new exploit is different from an earlier one that requires some user interaction to execute.
iPhone World has published either a text version of the code for your review or the exploit that will run but be warned, it will lock up your iPhone or iPod Touch and crash Safari running on a PC or Mac.
The latest version of Safari for PCs and Macs does not appear to be vulnerable to this exploit. Apple has not commented on the issue but there’s no doubt in my mind the company is working on a firmware update to plug this hole on the iPhone and iPod Touch.
It is highly recommended to upgrade to the latest version of Safari on your PC or Mac and temporarily disable Javascript on your iPhone or iPod Touch as a temporary measure until Apple releases an update.
Related posts:
June 12th, 2010
[...] a “Zune 2.0″ with the (3G) iPhone 2.0 ?iPhone OS 4.0 developer agreement bans use of FlashMalicious website can lock up iPhone/iPod Touch and crash SafariApple changes SDK terms to allow some interpreted code Posted in iPhone | Previous post: [...]