Tuesday, May 20, 2008

iPhone Denial of Service Exploit

Read this news item published on MacInTouch:
 
We confirmed an iPhone denial-of-service vulnerability, hard-crashing an iPod Touch with this sample exploit, which posts a confirmation screen before doing its damage.

Full Disclosure: iPhone remote DoS :(
  Hi, my friend g0tcha and myself came across a remote DoS (I know it sucks) in iPhone (tested on 1.1.2) while looking for a jailbreak for 1.1.3. By browsing to http://open-security.org/ifuk.html you can trigger the following:
# /Applications/MobileSafari.app/MobileSafari
2008-01-22 13:27:04.668 MobileSafari[230:d03] Safari got memory level warning, killing all documents except active.
2008-01-22 13:27:06.081 MobileSafari[230:d03] Safari got memory level warning, killing all documents except active.
which creates a Kernel panic

Apple iPhone 1.1.3 remote DoS exploit
  The Apple iPhone remote DoS for 1.1.2 was discovered by c0ntex, but it actually works on 1.1.3 as well. After further research it also appears that this was a known issue with Firefox version 1.5.04 and was affected cross-platform. Called Mozilla Firefox JavaScript navigator Object Vulnerability. I recommend you disable Java until Apple releases a fix or patch.
