New iPhone and iPod touch Safari exploit discovered
It's difficult to tell if this is just a little fear-mongering, or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those devices' browsers. According to reports, a memory exploit -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point, it doesn't appear to be anything more than a nuisance which can be easily circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th.
[Via iPhone World]

Reader Comments (Page 1 of 1)
jimmy @ Feb 7th 2008 9:29AM
i'm not a fanboy of either pc or mac.. but i hate apple's marketing bs. finally they have a platform with mass appeal that blackhats and whitehats are willing to put effort into exploiting, and the sploits are coming in steadily. so it is nice to finally have proof that apple is only "secure" because no one cared enough to hack them
James Ollier @ Feb 7th 2008 9:50AM
People keep forgetting that Apple's software is standalone. No 3rd party protection required, except for the occasional case like this, where it's usually fixed within weeks if not days.
On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks.
Bender Bending Rodriguez @ Feb 7th 2008 9:54AM
It's a brand new platform. Sure it's based off their Mac OS X and uses the exact same kernel, but all the upper layer apps had to be rewritten.
I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that causes Safari to crash, it shouldn't exactly be compared with a self-propagating virus.
As for the Marketshare excuse, Apple has sold 4M iPhones in a 1B+ market, while it sold over 5x as many Macs as iPhones and has an installed base several times greater than that in a market that is much lower than the cell market.
Should we laugh at Apple? Sure, why not, but don't spread FUD about marketshare and installed base being the reason when other OSes still dominate.
Rich @ Feb 7th 2008 10:52AM
@Bender
"I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that causes Safari to crash, it shouldn't exactly be compared with a self-propagating virus."
There hasn't been a single exploit for Symbian and I can only remember one for Windows Mobile.
In the case of Symbian, you're probably thinking of the malware that ran on pre-v9 phones. The only "exploit" was that of a dumb user who would install unknown software and ignore several security warnings. The malware didn't exploit any security hole in the operating system and would work just as well on a Mac, PC or jailbroken iPhone.
Ryan Karolak @ Feb 7th 2008 12:15PM
You have a good point, but keep in mind that Mobile OS X and the desktop OS X are quite different, just in case you were alluding to Macs.
Muu @ Feb 7th 2008 9:31AM
Safari on the Touch seems to crash after viewing overly large pages anyway. Hell, half the time when I try to view gadget blogs like engadget the thing dies on me after I get to the second page.
Aron Trimble @ Feb 7th 2008 9:33AM
Wait, I thought Safari crashing on large sites was a feature - now I found out I'm being hacked!
Oy vey..
PEZ @ Feb 7th 2008 10:50AM
Yep. I would imagine most mobile browsers that try and open a "real" web page would crash. Though, my Sidekick doesn't seem to :)
CraigJ @ Feb 7th 2008 10:58AM
I have been working with their web dev tools for iPhone, and found this:
JavaScript execution time is limited to 5 seconds for each top-level entry point.
If your script executes for more than 5 seconds, Safari stops executing the script. This is likely to occur at a random place in your code, so unintended consequences may result.
This limit is imposed because JavaScript execution may cause the main thread to block, so when scripts are running, the user is not able to interact with the webpage.
I have not encountered too many problems with Engadget, actually I think Engadget crashes Firefox as frequently as it stops working on the iPhone, and generally a refresh fixes it on the iPhone.
I have encountered situations, however, where safari on the iPhone just up and dies... It doesn't happen too often, and I've not been able to determine a pattern, but it is annoying.
Blaktornado @ Feb 7th 2008 2:05PM
Yeah but the Engadget feed even makes the FULL version of Safari die... so Engadget is obviously a site you should avoid if you're a Safari user of some description xD
... Although that's never stopped me.
BobTurbo @ Feb 7th 2008 9:31AM
No comments please.
Ryan Worrell @ Feb 7th 2008 9:38AM
So I assume this isn't exploitable for jailbreak purposes eh?
Pismodude @ Feb 7th 2008 9:51AM
Thank goodness for my buddies at Engadget telling me about this issue! If it wasn't for you, my iPhone would crash all the time!
Now, I just need to remember not to visit any of the sites that are on that handy list they gave me... They didn't put a list up there? Hmmmm. Not even one horrible, deadly, link? Ok then, two words: PROVE IT.
Jeff @ Feb 7th 2008 9:55AM
You can use this to your advantage if you are running < 1.1.3 firmware. Before 1.1.3, all applications ran as root. With this knowledge hackers were able to use the Safari bug to gain access to the root.
1.1.3 runs under a different account that doesn't have access to the root.
Kizorblade @ Feb 7th 2008 10:03AM
Well, why should they put a scary link up there saying "DO NOT CLICK ON THIS LINK"
I know I would click it.
Bloatedsack @ Feb 7th 2008 12:01PM
Yeah, how long until jailbreakme.com will hack the phone and close the hole for me?
nathan @ Feb 10th 2008 1:03PM
TFA: "Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed."
So, it may or may not allow a possible jailbreak exploit, plus the issue of not running as root on 1.1.3 is an issue, though I'm not sure how much of one as root passwords are all the same per a firmware version and well known :)
David Vogt @ Feb 7th 2008 9:58AM
Man, what would the day be without Engadget's 5-10 daily iPhone posts?
Anthony @ Feb 7th 2008 10:02AM
I imagine something like the last few weeks.
Karl Viklund @ Feb 7th 2008 1:55PM
Stop whining.
Jay @ Feb 7th 2008 10:00AM
"On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks"
Actually it can last for years, at least my PCs have. I've never run virus/worm software, they're on 24/7 with an always on Broadband connection. 0 problems.
Daniel D @ Feb 7th 2008 10:10AM
That you are aware of?
How do you know someone isn't using your PC for sending spam or other such lark?
Cowboy @ Feb 7th 2008 10:34AM
What OS are you running? If it's anything by Microsoft, your claim doesn't hold water, son.
kjb434 @ Feb 7th 2008 10:31AM
I do the same thing. It's called a firewall. I would easily say that 99% of all viruses and malware are user imposed. You chose to go to a website or open an email from someone you don't know and you get something.
Anti-Virus and Anti-Spam software is a waste of money on competent computer users.
I haven't used Anti-Virus/Spam software in years. And my computer runs better for it.
batfastad @ Feb 7th 2008 10:34AM
I agree with this and XP Pro.
Been running XP Pro as a home server hooked up to my HD TV for a few years now and not had any problems. AVG Pro Spyware still reports nothing.
Obviously the user needs to not be a complete tool, and use Firefox / Opera for browsing the web. And not go to dodgy websites and install any strange 3rd party apps.
CraigJ @ Feb 7th 2008 11:16AM
I do not use Virus protection software on my Windows box either, my machine is on a broadband connection, and I have never had a problem. I do have a good firewall though.
I just don't open attachments or install shit from the web unless I know where it came from.
DownwardMonkey @ Feb 7th 2008 4:39PM
If you're all so sure that running Windows with a software firewall is safe, post your IP addresses.
I'm not aiming this at anyone here personally but I get tired of "IT people" and "security people" telling me almost monthly that Windows is fine with a firewall and yet none of them could actually write a "hello world" program let alone a piece of Malware.
Abuzar @ Feb 7th 2008 4:51PM
72.40.38.70
CanCar @ Feb 7th 2008 10:33AM
If you analyze the iPhone multimedia capacities, we could call it "iPod that is a phone". After all, iPod of touch screen joint great part of the interface characteristics and design of iPhone. Talking about the functionality, iPod touch is identical. Doing tap on Music and you will see the same options that are obtained in iPhone, with for lists of reproduction, artists, songs, video and more located in the inferior part of the screen.
Kizorblade @ Feb 7th 2008 10:43AM
And this is related to Safari being exploited how?
PreGHz @ Feb 7th 2008 10:55AM
Oh snap, he went there!
Cancar, what's your comeback!?
xbit @ Feb 7th 2008 1:33PM
@Bender
As I said, they're not viruses - they're malware.
They don't exploit any hole in the security of the operating system (like this Safari exploit does). They rely on the user purposefully and willingly installing them. A virus spreads without user interaction.
It's the same as me writing an application for Mac OSX that wipes the hard-drive and then releasing it to the public. Is it dangerous? Yes, but it still relies on someone downloading it and installing it. It's easy enough to do but it's not a virus or an exploit.
Bender Bending Rodriguez @ Feb 7th 2008 11:42AM
@ Rich,
Commwarrior.C, Cabir Virus and Drever-C Trojan are a few I recall for Symbian.
I don't think an exploit that made a Symbian browser crash is newsworthy enough for Engadget. I think it should be, especially when a fix comes out. Perhaps Engadget needs an "exploits of the week/ month" page which lists issues and their fixes, like the recalls section of Consumer Reports.
uberfu @ Feb 7th 2008 11:00AM
If you put a FULL Operating System on anything - it becomes an open target for Malware people.
Shawn @ Feb 7th 2008 11:40AM
Big deal. This problem has been known for years. It's called MySpace.
SteveS @ Feb 7th 2008 12:18PM
Shouldn't the iPhone/Touch platform have a name by now? Something stupid like MoOSX or OSX-To-Go?
something @ Feb 7th 2008 12:39PM
MoOSX --> "Moose-X"... I like it
Abuzar @ Feb 7th 2008 4:53PM
Moose Sex?
m-p{3} @ Feb 7th 2008 12:48PM
What a perfect example to say that a safe computer is one that is not connected to a network?
Karl Viklund @ Feb 7th 2008 1:55PM
I guess it will be patched soon. Strange that you got the news up now if it has been known for so long. Since the Apple iPhone got a real browser with all the features there are bound to be security flaws like in any other browser. There is a lot of focus on the Apple iPhone now since it is the device that revolutionized and re-invented the browsing of the web from mobile devices. The mobile web has really gotten a big push with the iPhone.
sinai @ Feb 7th 2008 2:25PM
just fyi, apple has plenty of bugs that aren't patched for several YEARS. for example:
http://docs.info.apple.com/article.html?artnum=25466
still happens in 10.4.9+
Joe Anstine @ Feb 8th 2008 12:42AM
was this one written by a 12 year old, too?