macnn

03/19/2008, 12:30am, EDT

Wednesday, March 19th

Code crashes Safari in iPhone 1.1.4, fixed for Mac/PC

A new exploit has surfaced for the iPhone's Safari browser that, while drawing parallels to an earlier issue, requires no user input to function. According to iPhone World, the vulnerability is triggered by previously conceived code that has been refined in the above manner. The issue affects firmware version 1.1.4 iPhones, and presumably previous versions. Safari on the Mac and PC were also affected by this vulnerability, but it was recently fixed in Safari 3.1, released today.

The exploit requires a certain JavaScript argument to function and will most likely not be fixed until the next firmware version is released.


Filed under: iPhone, Apple, security, hacks
Other story tags: Safari, firmware, vulnerability, exploit, code

, , 3comments, del.icio.us, slashdot, digg, buzz


3 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
Security
0
03/19, 4:58am, EDT
If JavaScript is a security issue on the iPhone i don't want Java or any other 3P scripting software on it, Apple could never secure the device.
Fresh-Faced Recruit
Joined Aug 2001
User is offline
If only
0
03/19, 9:35am, EDT
If only there was a way to fence in these plugins to limit access to a particular portion of the device's resources. Of course that leaves the browser vulnerable to crashing. No, I guess Apple will have to stick to their SDK agreement guns to keep this smartphone, well, 'smart.'
Fresh-Faced Recruit
Joined Dec 2005
User is offline
security
0
03/19, 9:40am, EDT
It's not so much of a security issue as a poor programming issue. There should be no way any OS should lock up when dealing with a Javascript. This is probably why it has taken apple so long to produce an SDK, and why it's still several months, if not more, before apps will be runnable.

Sounds like the took the MS way of programming. "Let's get it working and out there, then we can come back and make it stable and secure!"
Fresh-Faced Recruit
Joined Aug 2001
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Turn your laptop into CASH: Sell us your used laptop. Working or not. Get money FAST. Instant online quote. Shipping is FREE.

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

Free New Laptop Computer: Free New Laptop, You Pick Brand and Model, See site for More details.

Personalized Dorm Gifts: Custom Gifts For College Students. Towels, Mugs & More. Visit Today.

Need Mac Help?: Nationwide Onsite Service & Support Troubleshooting, Upgrades, Training troubleshooting, Training, Networking, Upgrades, G Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.