October 21, 2014

New iOS 5.1.1 Safari Browser Denial Of Service Vulnerability Found

(LiveHacking.Com) – Alberto Ortega, a vulnerability researcher at AlienVault and author of PenTBox (a set of security tools written in Ruby), has discovered a new denial of service vulnerability in Apple’s iOS. The problem, which occurs in the Safari web browser, has been seen to manifest itself on iOS 5.0.1, 5.1.0 and 5.1.1 and affects the iPod Touch, the iPhone and the iPad.

According to the security advisory published by Alberto, the browser crashes unexpectedly when the JavaScript function match() receives a big buffer as a parameter. The search() function also appears to be affected.

“iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses to have something ‘usable’.” He believes that this vulnerability is a “step to achieve a real exploitation”.

To test the vulnerability you need to run the code posted in the advisory in Ruby and then open the URL of the running script in Safari. The Ruby script will send a specially crafted web page, which contains the relevant JavaScript, to the iOS device. When attempting to run the JavaScript, Safari will crash.

This latest discovery comes only a few days after the Chronic-Dev Team published an untethered jailbreak for iOS 5.1.1.

At the time of disclosure, Ortega had already reported the problem to Apple, but there has been no official response.
