The dangers of the Interweb are almost enough for me to go back to writing letters and sending telegrams to my loved ones—almost. You think browsing the net on your iPhone is safe and then wham—you get hit by a truck. Literally. Because you weren’t looking where you were going.
And then, of course, there are security concerns online too. The most recent? A JavaScript vulnerability in MobileSafari that can be exploited by putting malicious code on a website which can cause the iPhone to kernel panic. It hasn’t been determined yet whether or not this could lead to remote code execution, but it’s theoretically possible, given the nature of the exploit. iPhone 1.1.2 and 1.1.3 are both listed as vulnerable, with the potential for earlier versions of the firmware to be at risk as well.
What can you do about it? At the moment, you can turn off JavaScript under Settings -> Safari, but that’s not a great solution, since any spiffy web apps that rely on it—read: most of them—won’t work in the meantime. Guess it’s just a matter of hoping that Apple will patch this soon, and making sure you trust the sites you go to.
[via Engadget]
Unless this vicious code is embedded in macworld, CNN, fox, tvguide, macuser, wired, apple, google, ups, usps, Fedex, amazon, or the likes of those, I don't think I have too much to fear from this.
I would be curious to hear from ANYBODY who actually gets hit by this and perhaps share what site(s) were the culprit. I think a lot of these "scares" are so far fetched and I typically pass it off as nothing more than fanfare.
However, if there were truly some iPhone users out there who can actually confirm this, then it would sure be nice to know the source of the malicious code.
As a current user of firmware 1.1.1 (I am waiting for something "real" from Apple before I un-hack my phone) I am sticking with a hacked iPhone and a plethora of very useful applications that I use on a daily basis under firmware 1.1.1
There is already a javascript exploit called ImageMaker, from a UK company. The software basically has you set up a bookmarklet which points to their website which also contains javascript in the URL. You are instructed to save the bookmarklet with the site URL removed, leaving only the javascript. What does the software do? It allows you to collect images from the web so you can send them to you friends from your iphone.
This is done without jailbreaking the iPhone, and opens up a whole new can of worms for having a malicious software exploit sitting on your springboard that is run when you select it.
A person could make a bookmark from an innocent looking URL, only to have it execute a virus, or some other type of malware that could wreck havoc with your iPhone.
David B. Alford