Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

iPhone - Remote hacker automatic control

Version: 1.0
Technical Details:

Numerous vulnerabilities addressed, including:

Safari - XSS vulnerability due to race condition in JavaScript implementation. Another issue, this time heap overflows in PCRE support can lead to arbitrary code execution.

WebCore - HTTP injection in XMLHttpRequest allowing XSS.

WebKit - Poor IDN support allows for URL obfuscation. An additional issue, this time affecting the handling of framesets may lead to arbitrary code execution.


Yesterday Apple released Update 1.0.1 for the iPhone, addressing a number of serious vulnerabilities. Vulnerabilities addressed include issues that would allow for remote control over the iPhone by convincing a victim to view a malicious web page in the iPhone Safari browser and possible temporary loss of phone functionality.

Due to the integration with iTunes, the only way that this update is available is to connect the phone to iTunes and allow its update process to run.


Update to iPhone 1.0.1 via the iTunes updater.


Via iTunes



External Tracking Data:

CVE-ID: CVE-2007-2400 CVE-ID: CVE-2007-3944 CVE-ID: CVE-2007-2401 CVE-ID: CVE-2007-3742 CVE-ID: CVE-2007-2399

Social bookmark this page