Website: http://www.iphoneworld.ca/
Original page: http://www.iphoneworld.ca/news/2008/03/18/new-iphone-safari-remote-dos-exploit-locks-up-your-iphone-by-simply-visiting-a-malicious-page/
Dennis
nice script, it includes FUCK BILL phrase :-)
Copyright Georgi Guninski
Cannot be used in vulnerability databases
Especially securityfocus/mitre/cve/cert
It is a little bit irresponsible to release the source code of this exploit.
These things should be submitted to Apple but not the general public.
1. The simple javascript asks for MORE MEMORY than ANY phone would have. My work PC (IE6?) locked up trying to execute this. I doubt ANY PC could actually "correctly" handle a page including this script. Some could _appear_ to freeze while correctly processing the script, due to the huge amount of data sloshed around. Reports of "crashes" might merely indicate that the browser was working its tail off, and not showing any progress.
2. Pushing the limits such as above is in the highest tradition of finding exploitable browser problems. However, it does NOT appear that the "exploit" is doing anything other than pushing the browser past its limits. Whatever state the iPhone (or my IE6!) is left in, quite possibly it's to trash the browser session, which would have the OS (X) recycle the used memory, leaving NO RISK of trying to execute code in the created garbage. Yes, it MIGHT, but I think not, and it's certainly not shown.
3. So this is not so much a Denial of Service -- by which, most people mean, asking a SERVER to do so much useless work that it can't do its intended work. Rather, it's more like a suicide loop -- if it actually locks up the browser, running some impossible requests, you might have to just turn off the phone. (You might have to just receive a call, which could suspend the browser, just as effectively. YAY for no multitasking! ;^> )
4. Let's call it a Hopeless Task -- legal, but beyond the capabilities of the nifty gizmo that some of us (not me, alas!) carry around. If this happens to you from visiting a web site, and you go back more than once, you're a Slow Learner. That self-realization might be a Good Thing; a couple of minutes appears to be the extent of the damage that this little gem can inflict.
5. My RAZR locks up ALL ON ITS OWN these days: I don't need no script kiddy's stuff.
6. Until somebody shows that a failure to deliver memory to Safari leaves the browser in an unstable state (not a "dead" state), this thing has not crossed the threshold of being even a POTENTIAL EXPLOIT. It indicates that no computer has infinite resources. Perhaps some users would be happier with a slower computer that checks whether each step of a webpage is possible before it carries them out. Personally, I'll risk having a faster browser which might require me to power-cycle my phone if I'm so unfortunate as to visit some page that wants to cause me a nuisance.
7. So, iPhoneWorld, what's the big deal? It's a practical joke on the level of setting a bag full of doggie poo on fire, then ringing somebody's doorbell. And it's being written up as Yeah Those iPhones are buggy and virus-prone. Is this what you want to sell? Need a few more thousand eyeballs who are likely to think your ads are more believable than your editorial?
I'm a blogger too, and I really hate posting negative comments about writers on blog sites, but this news really struck a nerve in me. don't you guys have any technical staff to confirm this news? if this is in fact what you call "remote execution DoS vulnerability"?
come on, you've got to be kidding me. read the code, you posted it yourself. all this code really does is loop a thousand times and uses most of the memory on your phone/machine.
yes, you do experience crashes, this is because, it hogs all the memory, it eats up a lot of it, faster than your machine can recycle/reuse it. but this is in no such way a DoS problem.
a DoS is much more complicated than this. all you even have to do if you encounter this is to reboot your phone or close your browser whereas if you do get a DoS problem, rebooting won't solve anything, in other words, you're f*cked up!
this is a prank, no other word for it. maybe that is why Apple didn't comment on it right away. maybe they tried to look at the code, saw it and laughed their asses off about how you people made it such a big deal.
Ends up with a popup that says "The page at www.iphoneworld.ca says: done generating" and then opens a new tab and displays this:
Copyright Georgi Guninski
Cannot be used in vulnerability databases
Especially securityfocus/mitre/cve/cert
Not sure if you're getting the point of this article. I won't address all your questions/assumptions since some are completely silly and I am simply not paid to be your tech instructor.
Here's all I will say:
1) This is a remotely executed code that does not require user input.
2) It does not crash ONLY Safari, it completely locks up your iPhone INCLUDING all running and unsaved applications, forcing a reboot.
3) Combine #1 + #2 and bingo, remote denial of service.
4) Walt, this does NOT crash my machine which is an old one (only 1GB RAM, 2GHZ CPU) in *any* browser -- maximum that happens when it runs on my computer is Safari freezes -- FireFox and IE work just fine. I'd suggest you to troubleshoot your machine if IE freezes your computer. And I do sympathize with your RAZR crashing for no reason. Between the two, you might want to service your electronics better.
5) Frantz, you need to look up the Wikipedia definition of DoS before you go ahead and invent your own.
Lastly, we have a resident security expert who first reported on this vulnerability to us, and we stand by these findings.
Now you can keep arguing and bringing up your own assumptions and self invented definitions that no one is familiar with, but it won't change a thing in the real world. Thanks for your time!
Dennis
However, in the iPod touch 1.1.4, nothing erroneous happened. Safari keeps trying to load it but it doesn't crash either the browser or the iPod touch. I can easily tell Safari to stop loading it. I can also use the home button.
Ahh.. why are you aiming at Walt/Frantz when you can't read the article you post/link to yourself?
DoS is aimed at SERVERS, not ONE User loading ONE page on their own computer!
It's a BUG - yes, but DoS means that one or more computers are aiming at YOUR computer in an attempt to take its services down. And since there is NO HTTP server running on your iPhone/iTouch (unless you hacked it and started one yourself) it will not be possible to make a DoS against the iPhone.
Only way I see it coming, is if you get bombed with SMS's that crash your iPhone.. now THAT would be a DoS attack!
Are you implying that DoS attacks cannot be executed against individual computers/other devices and by default have to be against servers?
I'll refer you to parts of the same Wikipedia article I've quoted from earlier, thanks.
In case you still want to argue more, read: http://en.wikipedia.org/wiki/Denial_of_service
I'm not going to respond anymore to people that don't know how to read/understand Wikipedia articles -- or until someone changes the Wikipedia entry, thanks :)
If someone has something constructive to say, you're quite welcome though:)
Dennis
Safari 3.1 (Mac OS X 10.5.2, Intel) displayed the text and then hung. I was still able to force quit Safari quite easily, though.
iPhone 1.1.4 locked up. Hard. I had to do a hard reboot.
Congratulations, guys. Make sure you keep One Infinite Loop in the loop.