Radware Discovers Denial-of-Service Vulnerability in Apple's iPhone Safari Internet Browser
Exploitation requires an iPhone user to open an HTML page containing JavaScript that triggers the vulnerability; delivery can be achieved through social engineering (e.g. spam mail, spam SMS). The user will experience an application-level DoS that crashes the Safari browser and could go as far as crashing the entire iPhone appliance.
"While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern", says Itzik Kotler, Security Operation Center Manager, Radware. "Hackers continue to misappropriate other people's software and their job is made easier by design flaws embedded into software products".
The Apple iPhone Safari browser is vulnerable to DoS attacks due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector. The security hole is currently unpatched, leaving iPhone owners vulnerable to potential attacks until Apple issues a security update.
About Radware
Radware offers integrated application delivery solutions and assures the full availability, maximum performance, and complete security of business-critical applications for more than 5,000 enterprises and carriers worldwide. With APSolute, Radware's comprehensive and award-winning suite of intelligent front-end, access, and security products, companies in every industry can drive business productivity, improve profitability, and reduce IT operating and infrastructure costs by making their networks "business smart." For more information, visit:
http://www.radware.com

