Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability

Bugtraq ID:	31061
Class:	Design Error
CVE:	CVE-2008-3950
Remote:	Yes
Local:	No
Published:	Sep 12 2008 12:00AM
Updated:	Sep 15 2008 02:10PM
Credit:	Nicolas Economou of Core Security Technologies
Vulnerable:	Apple iPod Touch 1.1.4 Apple iPod Touch 2.0 Apple iPhone 1.1.4 Apple iPhone 2.0
Not Vulnerable:	Apple iPod Touch 2.1 Apple iPhone 2.1

Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability

Apple iPhone and iPod touch are prone to a remote denial-of-service vulnerability that occurs in the WebKit library used by the Safari browser.

Remote attackers can exploit this issue to crash the affected browser installed on the devices, denying service to legitimate users.

The following devices and corresponding firmware are affected:

iPhone 1.1.4 and 2.0
iPod touch 1.1.4 and 2.0

Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/31061.html

Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability

Solution:
The vendor has released an advisory and fixes. Please see the references for more information.

Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability

References:

• iPhone Product Page (Apple)
  
• iPhone Safari JavaScript alert Denial of Service (Core Security Technologies)
  
• iPod touch Product Page (Apple)
  
• CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service ( Core Security Technologies Advisories )