NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0389 JavaScript Code Crashes iPhone, iPod Touch:
Security researchers have discovered a JavaScript exploit that
can crash an iPhone through a malicious Web page, according to an online IT news
report. Dubbed a "memory exhaustion remote denial-of-service
vulnerability" by the Security Focus Web site, the exploit affects
Apple's Mobile Safari Web browser, a key component of both the iPhone and
the iPod Touch. If an iPhone user can be persuaded to view a specially coded
Web page, which takes only 19 lines of JavaScript to create, the page causes
the handset's version of Mac OS X to experience a kernel problem and reboot.
There is a possibility the exploit might also allow attackers to load and run
code on the handset, but this has not been confirmed. The exploit was first
discovered last month under version 1.1.2 of the iPhone's firmware, but the
vulnerability is also present in firmware version 1.1.3. Currently, the only
fix is to disable JavaScript, which iPhone and iPod Touch owners can do through
the Safari section of the device's settings application.
(www.reghardware.co.uk 07FEB08)