Apple iOS < 1.1.4 DoS

High

Synopsis

The remote mobile host is vulnerable to a denial of service (DoS) attack.

Description

Versions of Apple iOS prior to 1.1.4 use a build of Apple WebKit prior to 420.1, which is affected by a denial of service vulnerability. The flaw exists because of the way the Safari browser handles memory. Specifically, when the browser has used all available memory, it attempts to close all inactive documents, and in the process of closing them a kernel panic and ensuing crash occurs. To exploit this flaw, an attacker would need to entice an iOS user to browse to a malicious web server. Successful exploitation would result in the device crashing.

Solution

Upgrade to iOS version 1.1.4 or higher.