The iPhone’s Safari Exploit

A Safari exploit has been discovered that stretches from the Mac/PC version of Safari to the iPhone/iPod version. For the Mac/PC version, the exploit would just cause Safari to crash, but the iPhone/iPod version causes your device to entirely lock up. Not the worst damage ever, but you could lose data.

What makes this exploit somewhat threatening is it involves no user interaction. Visiting a website with the code is enough.

I am not harping on Apple for having an exploit. Exploits are found even in the best programmer’s code. I am, however, saying Apple made a mistake in the way they have patched it.

Safari 3.1 contained a patch to this exploit, but it remains unpatched on the iPhone. Meaning there is the source code for this exploit on the Internet, it’s widely know, and open to attack. We all must wait until the next iPhone/iPod Touch update for a patch as well. You can see how this situation is potentially threatening.

If you are that concerned you can disable Javascript on the iPhone to prevent the vulnerability from effecting you. At this point, I don’t believe that’s required.

See More:
iPhone World Article