A new exploit circulating around for the iPhone/iPod Touch requires no user interaction to execute.  Websites with specifically written code are able to lock up your iPhone or iPod Touch and can crash your PC or Mac running Safari.

Most versions of Safari are vulnerable to the exploit including the version that runs on the iPhone or iPod Touch.  The exploit basically overruns the memory allocated to Safari and will your iPhone or iPod Touch to lock up or Safari on your desktop computer to crash.

According to Cnet, remote code execution may be possible but has not been confirmed at this time.  This new exploit is different from an earlier one that requires some user interaction to execute.

iPhone World has published either a text version of the code for your review or the exploit that will run but be warned, it will lock up your iPhone or iPod Touch and crash Safari running on a PC or Mac.

The latest version of Safari for PCs and Macs does not appear to be vulnerable to this exploit.  Apple has not commented on the issue but there’s no doubt in my mind the company is working on a firmware update to plug this hole on the iPhone and iPod Touch.

It is highly recommended to upgrade to the latest version of Safari on your PC or Mac and temporarily disable Javascript on your iPhone or iPod Touch as a temporary measure until Apple releases an update.

Related:

Entry was posted on Sunday, March 23rd, 2008 at 5:39 am under News, iPhone, iPod Touch.  Print This Post

Read more entries by Jonathan Schlaffer.