April 15, 2008
Radware Uncovers Denial-of-Service Vulnerability in Apple's iPhone Safari Internet Browser
Executive Editor, IP Communications Group

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is a brute-force attempt by nefarious parties to block a computer resource (usually a server) from being accessed by users. The evil geniuses behind DoS attacks generally seek public attention by targeting sites or services hosted on well-known web servers such as banks, credit card payment gateways, and even DNS root servers.

 
One technique involves targeting the victim service with a flood of external communications requests, so many that it can’t possibly respond to legitimate traffic, or else it responds so slowly as to be rendered effectively unavailable. It can be a toss-up whether the attack is over-saturating the computer itself or the broadband media connected to it. DoS and DDoS attacks commonly constitute violations of the laws of sovereign nations.
 
Today, Radware, a major provider of integrated application delivery solutions for business networking, announced that its vulnerability research team discovered a DoS vulnerability in the Safari browser of Apple’s iPhone version 1.1.4. Radware is offering immediate protection as part of Radware’s Security Update Service (SUS), safeguarding customer infrastructures in advance of public disclosure of the flaw.
 
To exploit the vulnerability, an iPhone user must open an HTML page containing JavaScript that triggers the flaw, which can be achieved through social engineering (e.g., spam mail or spam SMS messages). The user will experience an application-level DoS that crashes the Safari browser and could go as far as crashing the entire iPhone appliance.
 
“While vendors are struggling to push new products and applications, it is evident that security still remains a secondary concern”, says Itzik Kotler, Security Operation Center Manager, Radware. “Hackers continue to misappropriate other people’s software and their job is made easier by design flaws embedded into software products”.
 
The Apple iPhone Safari browser is vulnerable to DoS attacks due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector. The security hole is currently unpatched, leaving iPhone owners vulnerable to potential attacks until Apple issues a security update.
 
Richard Grigonis is Executive Editor of TMC’s IP Communications Group.
 
 