Skip to main content

iPhone denial of service exploit still in new handsets

Will the iPhone suffer a major attack this year?

An iPhone denial of service exploit that was filed in January still hasn't been fixed. According to iPhone World the flaw is still present in the new 16GB model and 32GB iPod touch.

However, it isn't so surprising that the new models have shipped with the problem - the vulnerability was first discovered in the iPhone firmware version 1.1.2 but was still present in 1.1.3. And it isn't likely to be fixed until Apple releases its next full update.

The problem with Safari occurs when a website is visited that contains a malicious script. Maybe that scenario is unlikely, but Apple will surely want to reduce any accusations it is lax on security.

Serious attack this year?

Various security experts spent the latter half of 2007 warning that the iPhone would be a particular target for unscrupulous activity in 2008, and the Mac could also suffer as a result.

According to the annual vulnerability forecast from Arbor's security and engineering response team, the Apple iPhone will become the victim of a serious attack this year.

A series of assaults are likely to come in the form of so-called 'drive-by attacks'. This is where seemingly harmless information, images or other media is embedded in malware that performs dangerous actions when it's opened on the iPhone's Safari web browser.