New research has concluded that the Safari browser of the iPhone 1.1.4 is vulnerable to attacks, which may lead to service denial and in turn, result in a system crash. This design flaw was detected by the researchers at Radware, an application delivery solutions company, earlier this week. The researches say the flaw triggers a series of “memory allocation operations on its memory pool”, which then triggers another different bug within its garbage collector.
To exploit Safari’s vulnerability, an iPhone user would have to open any malicious HTML pages that contain Javascript, usually as a social engineering tactic like e-mail phishing. The Radware researchers say that in a worst-case scenario, the users would experience a denial of service attack, which could result in crash of the entire Safari browser. Once the browser crashes, its malfunction could escalate to a point of paralyzing the entire iPhone.
To exploit Safari’s vulnerability, an iPhone user would have to open any malicious HTML pages that contain Javascript, usually as a social engineering tactic like e-mail phishing. The Radware researchers say that in a worst-case scenario, the users would experience a denial of service attack, which could result in crash of the entire Safari browser. Once the browser crashes, its malfunction could escalate to a point of paralyzing the entire iPhone.
