New iPhone and iPod touch Safari exploit discovered
It's difficult to tell if this is just a little fear-mongering, or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those devices' browsers. According to reports, a memory exploit -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point, it doesn't appear to be anything more than a nuisance which can be easily circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th. [Via iPhone World]

So I assume this isn't exploitable for jailbreak purposes eh?
Thank goodness for my buddies at Engadget telling me about this issue! If it wasn't for you, my iPhone would crash all the time!
Now, I just need to remember not to visit any of the sites that are on that handy list they gave me... They didn't put a list up there? Hmmmm. Not even one horrible, deadly, link? Ok then, two words: PROVE IT.
You can use this to your advantage if you are running < 1.1.3 firmware. Before 1.1.3, all applications ran as root. With this knowledge hackers were able to use the Safari bug to gain access to the root.
1.1.3 runs under a different account that doesn't have access to the root.
Well, why should they put a scary link up there saying "DO NOT CLICK ON THIS LINK"?
I know I would click it.
Yeah, how long until jailbreakme.com will hack the phone and close the hole for me?
TFA: "Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed."
So, it may or may not allow a possible jailbreak exploit, plus the issue of not running as root on 1.1.3 is an issue, though I'm not sure how much of one as root passwords are all the same per firmware version and well known :)
i'm not a fanboy of either pc or mac.. but i hate apple's marketing bs. finally they have a platform with mass appeal that blackhats and whitehats are willing to put effort into exploiting, and the sploits are coming in steadily. so it is nice to finally have proof that apple is only "secure" because no one cared enough to hack them
People keep forgetting that Apple's software is standalone. No 3rd party protection required, except for the occasional case like this, where it's usually fixed within weeks if not days.
On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks.
It's a brand new platform. Sure it's based off their Mac OS X and uses the exact same kernel, but all the upper layer apps had to be rewritten.
I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that causes Safari to crash, it shouldn't exactly be compared with a self-propagating virus.
As for the Marketshare excuse, Apple has sold 4M iPhones in a 1B+ market, while it sold over 5x as many Macs as iPhones and has an installed base several times greater than that in a market that is much lower than the cell market.
Should we laugh at Apple? Sure, why not, but don't spread FUD about marketshare and installed base being the reason when other OSes still dominate.
@Bender
"I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that causes Safari to crash, it shouldn't exactly be compared with a self-propagating virus."
There hasn't been a single exploit for Symbian and I can only remember one for Windows Mobile.
In the case of Symbian, you're probably thinking of the malware that ran on pre-v9 phones. The only "exploit" was that of a dumb user who would install unknown software and ignore several security warnings. The malware didn't exploit any security hole in the operating system and would work just as well on a Mac, PC or jailbroken iPhone.
You have a good point, but keep in mind that Mobile OS X and the desktop OS X are quite different, just in case you were alluding to Macs.
Safari on the Touch seems to crash after viewing overly large pages anyway. Hell, half the time when I try to view gadget blogs like engadget the thing dies on me after I get to the second page.
Wait, I thought Safari crashing on large sites was a feature - now I found out I'm being hacked!
Oy vey..
Yep. I would imagine most mobile browsers that try and open a "real" web page would crash. Though, my Sidekick doesn't seem to :)
I have been working with their web dev tools for iPhone, and found this:
JavaScript execution time is limited to 5 seconds for each top-level entry point.
If your script executes for more than 5 seconds, Safari stops executing the script. This is likely to occur at a random place in your code, so unintended consequences may result.
This limit is imposed because JavaScript execution may cause the main thread to block, so when scripts are running, the user is not able to interact with the webpage.
I have not encountered too many problems with Engadget, actually I think Engadget crashes Firefox as frequently as it stops working on the iPhone, and generally a refresh fixes it on the iPhone.
I have encountered situations, however, where safari on the iPhone just up and dies... It doesn't happen too often, and I've not been able to determine a pattern, but it is annoying.
Yeah but the Engadget feed even makes the FULL version of Safari die... so Engadget is obviously a site you should avoid if you're a Safari user of some description xD
... Although that's never stopped me.
No comments please.
If you analyze the iPhone multimedia capacities, we could call it "iPod that is a phone". After all, iPod of touch screen joint great part of the interface characteristics and design of iPhone. Talking about the functionality, iPod touch is identical. Doing tap on Music and you will see the same options that are obtained in iPhone, with for lists of reproduction, artists, songs, video and more located in the inferior part of the screen.
And this is related to Safari being exploited how?
Oh snap, he went there!
Cancar, what's your comeback!?
@Bender
As I said, they're not viruses - they're malware.
They don't exploit any hole in the security of the operating system (like this Safari exploit does). They rely on the user purposefully and willingly installing them. A virus spreads without user interaction.
It's the same as me writing an application for Mac OSX that wipes the hard-drive and then releasing it to the public. Is it dangerous? Yes, but it still relies on someone downloading it and installing it. It's easy enough to do but it's not a virus or an exploit.
Man, what would the day be without Engadget's 5-10 daily iPhone posts?
I imagine something like the last few weeks.
Stop whining.
"On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks"
Actually it can last for years, at least my PCs have. I've never run virus/worm software, they're on 24/7 with an always on Broadband connection. 0 problems.
That you are aware of?
How do you know someone isn't using your PC for sending spam or other such lark?
What OS are you running? If it's anything by Microsoft, your claim doesn't hold water, son.
I do the same thing. It's called firewall. I would easily say that 99% of all viruses and malware are user imposed. You chose to go to a website or open an email from someone you don't know and you get something.
Anti-Virus and Anti-Spam software is a waste of money on competent computer users.
I haven't used Anti-Virus/Spam software in years. And my computer runs better for it.
I agree with this and XP Pro.
Been running XP Pro as a home server hooked up to my HD TV for a few years now and not had any problems. AVG Pro Spyware still reports nothing.
Obviously the user needs to not be a complete tool, and use Firefox / Opera for browsing the web. And not go to dodgy websites and install any strange 3rd party apps.
I do not use Virus protection software on my Windows box either, my machine is on a broadband connection, and I have never had a problem. I do have a good firewall though.
I just don't open attachments or install shit from the web unless I know where it came from.
If you're all so sure that running Windows with a software firewall is safe, post your IP addresses.
I'm not aiming this at anyone here personally but I get tired of "IT people" and "security people" telling me almost monthly that Windows is fine with a firewall and yet none of them could actually write a "hello world" program let alone a piece of Malware.
72.40.38.70
@ Rich,
Commwarrior.C, Cabir Virus and Drever-C Trojan are a few I recall for Symbian.
I don't think an exploit that made a Symbian browser crash is newsworthy enough for Engadget. I think it should be, especially when a fix comes out. Perhaps Engadget needs an "exploits of the week/ month" page which lists issues and their fixes, like the recalls section of Consumer Reports.
If you put a FULL Operating System on anything - it becomes an open target for Malware people.
Big deal. This problem has been known for years. It's called MySpace.
Shouldn't the iPhone/Touch platform have a name by now? Something stupid like MoOSX or OSX-To-Go?
MoOSX --> "Moose-X"... I like it
Moose Sex?
What a perfect example to say that a safe computer is one that is not connected to a network?
I guess it will be patched soon. Strange that you got the news up now it has been known for so long. Since the Apple iPhone got a real browser with all the features there are bound to be security flaws like in any other browser. There is a lot of focus on the Apple iPhone now since it is the device that revolutionized and re-invented the browsing of the web from mobile devices. The mobile web has really gotten a big push with the iPhone.
just fyi, apple has plenty of bugs that aren't patched for several YEARS. for example:
http://docs.info.apple.com/article.html?artnum=25466
still happens in 10.4.9+
was this one written by a 12 year old, too?