http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/ Engadget Comments for New iPhone and iPod touch Safari exploit discovered http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 9:38AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Now, I just need to remember not to visit any of the sites that are on that handy list they gave me... They didn't put a list up there? Hmmmm. Not even one horrible, deadly, link? Ok then, two words: PROVE IT.]]>Feb 7th 2008 9:51AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
1.1.3 runs under a different account that doesn't have access to the root.]]>Feb 7th 2008 9:55AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
I know I would click it.]]>Feb 7th 2008 10:03AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 12:01PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
So, it may or may not allow a possible jailbreak exploit, plus the issue of running as not as root on 1.1.3 is an issue, though I'm not sure how much of one as root passwords are all the same per a firmware version and well known :)]]>Feb 10th 2008 1:03PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 9:29AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks. ]]>Feb 7th 2008 9:50AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
On the other hand, plug a PC into the net without 3rd party protection, and it'll last for days, forget weeks. ]]>Feb 7th 2008 9:51AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that auses Safari to crash, it shouldn't exactly be compared with a self-propagating virus.

As for the Marketshare excuse, Apple has sold 4M iPhones in a 1B+ market, while it sold over 5x as many Macs as iPhones and has an installed base several times greater than that in a market that is much lower than the cell market.

Should we laugh at Apple? Sure, why not, but don't spread FUD about marketshare and installed base being the reason when other OSes still dominate.]]>Feb 7th 2008 9:54AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/"I only recall reading about two exploits, yet there are many more for Symbian, Linux and Windows Mobile. An exploit that auses Safari to crash, it shouldn't exactly be compared with a self-propagating virus."

There hasn't been a single exploit for Symbian and I can only remember one for Windows Mobile.

In the case of Symbian, you're probably thinking of the malware that ran on pre-v9 phones. The only "exploit" was that of a dumb user who would install unknown software and ignore several security warnings. The malware didn't exploit any security hole in the operating system and would work just as well on a Mac, PC or jailbroken iPhone.]]>Feb 7th 2008 10:52AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 12:15PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 9:31AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Oy vey..]]>Feb 7th 2008 9:33AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 10:50AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/JavaScript execution time is limited to 5 seconds for each top-level entry point.
If your script executes for more than 5 seconds, Safari stops executing the script. This is likely to occur at a random place in your code, so unintended consequences may result.
This limit is imposed because JavaScript execution may cause the main thread to block, so when scripts are running, the user is not able to interact with the webpage.

I have not encountered too many problems with Engadget, actually I think Engadget crashes Firefox as frequently as it stops working on the iPhone, and generally a refresh fixes it on the iPhone.

I have encountered situations, however, where safari on the iPhone just up and dies... It doesn't happen too often, and I've not been able to determine a pattern, but it is annoying. ]]>Feb 7th 2008 10:58AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
... Although that's never stopped me.]]>Feb 7th 2008 2:05PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 9:31AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 10:33AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 10:43AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Cancar, what's your comeback!?]]>Feb 7th 2008 10:55AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/As I said, they're not viruses - they're malware.

They don't exploit any hole in the security of the operating system (like this Safari exploit does). They rely on the user purposefully and willingly installing them. A virus spreads without user interaction.

It's the same as me writing an application for Mac OSX that wipes the hard-drive and then releasing it to the public. Is it dangerous? Yes, but it still relies on someone downloading it and installing it. It's easy enough to do but it's not a virus or an exploit.]]>Feb 7th 2008 1:33PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 9:58AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 10:02AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 1:55PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Actually it can last for years, at least my PCs have. I've never run virus/worm software, they're on 24/7 with an always on Broadband connection. 0 problems.]]>Feb 7th 2008 10:00AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
How do you know someone isn't using your PC for sending spam or other such lark?]]>Feb 7th 2008 10:10AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 10:34AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Anti-Virus and Anti-Spam software is waste of money on competent computer users.

I haven't used Anti-Virus/Spam software in years. And my computer runs better for it.

]]>Feb 7th 2008 10:31AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Been running XP Pro as a home server hooked up to my HD TV for a few years now and not had any problems. AVG Pro Spyware still reports nothing.

Obviously the user needs to not be a complete tool, and use Firefox / Opera for browsing the web. And not go to dodgy websites and install any strange 3rd party apps.]]>Feb 7th 2008 10:34AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/I just don't open attachments or install shit from the web unless I know where it came from.]]>Feb 7th 2008 11:16AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
I'm not aiming this at anyone here personally but I get tired of "IT people" and "security people" telling me almost monthly that Windows is fine with a firewall and yet none of them couldn't actually write a "hello world" program let alone a piece of Malware.]]>Feb 7th 2008 4:39PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 4:51PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
Commwarrior.C, Cabir Virus and Drever-C Trojan are a few I recall for Symbian.

I don't think an exploit that made a Symbian browser crash is newsworthy enough for Engadget. I think it should be, especially when a fix comes out. Perhaps Engadget needs an "exploits of the week/ month" page which lists issues and their fixes, like the recalls section of Consumer Reports.

]]>Feb 7th 2008 11:42AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 11:40AMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 12:18PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/ "Moose-X"... I like it]]>Feb 7th 2008 12:39PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 4:53PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 12:48PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 7th 2008 1:55PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/
http://docs.info.apple.com/article.html?artnum=25466

still happens in 10.4.9+]]>Feb 7th 2008 2:25PMhttp://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/http://www.engadget.com/2008/02/07/new-iphone-and-ipod-touch-safari-exploit-discovered/Feb 8th 2008 12:42AM