iPhone - Remote hacker automatic control
Version: | 1.0 |
Technical Details: | errata security are claiming the discovery of a vulnerability that affects the Safari browser on the iPhone. At this stage details about the level of access that the vulnerability grants have not been disclosed, but it is considered to be at least an application crash, and potentially arbitrary control. Although the exact vulnerability has not been disclosed, knowledge that there are remote code execution vulnerabilities in existence for the desktop Safari browser makes it a reasonable assumption that similar issues will be affecting the iPhone Safari (given that the disclosed issue is similar to one affecting desktop Safari). |
Description: |
After initial speculation that the first general vulnerabilities targeting the iPhone would be discovered within the first few weeks of release, it has been disclosed that at least one vulnerability exists which can allow a remote attacker to gain some level of control / application crash if the user can be tricked into visiting a malicious site using the inbuilt Safari browser. This new issue is an almost exact copy of issues found on the desktop version of the Safari Internet browser, which can give some clues to potential weaknesses to be discovered. |
Mitigation: |
If iPhone users are concerned about the potential risk to their new devices, they should apply caution to the sites that they visit using the inbuilt Safari browser and limit the sites visited to trusted sites only. |
Updates: |
Not Yet Available |
Source: |
http://erratasec.blogspot.com/2007/07/our-first-iphone-bugs.html |
Exploits: |
|
External Tracking Data: | Not Yet Identified |
Social bookmark this page