Text Size
Code crashes Safari in iPhone 1.1.4, fixed for Mac/PC
updated 12:30 am EDT, Wed March 19, 2008
Code crashes iPhone 1.1.4
A new exploit has surfaced for the iPhone's Safari browser that, while drawing parallels to an earlier issue, requires no user input to function. According to iPhone World, the vulnerability is triggered by previously conceived code that has been refined in the above manner. The issue affects firmware version 1.1.4 iPhones, and presumably previous versions. Safari on the Mac and PC were also affected by this vulnerability, but it was recently fixed in Safari 3.1, released today.
The exploit requires a certain JavaScript argument to function and will most likely not be fixed until the next firmware version is released.
Security
03/19, 04:58am reply
If JavaScript is a security issue on the iPhone i don't want Java or any other 3P scripting software on it, Apple could never secure the device.
Peter Bonte
Fresh-Faced Recruit
Joined: Aug 2001
If only
03/19, 09:35am reply
If only there was a way to fence in these plugins to limit access to a particular portion of the device's resources. Of course that leaves the browser vulnerable to crashing. No, I guess Apple will have to stick to their SDK agreement guns to keep this smartphone, well, 'smart.'
danviento
Fresh-Faced Recruit
Joined: Dec 2005
security
03/19, 09:40am reply
It's not so much of a security issue as a poor programming issue. There should be no way any OS should lock up when dealing with a Javascript. This is probably why it has taken apple so long to produce an SDK, and why it's still several months, if not more, before apps will be runnable.
Sounds like the took the MS way of programming. "Let's get it working and out there, then we can come back and make it stable and secure!"
testudo
Fresh-Faced Recruit
Joined: Aug 2001