Denial of Service Vulnerability in Safari for Apple iPhone and iPod Touch
CVE-2008-3950
Currently unrated
Summary
An off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in the WebKit rendering engine for Safari allows remote attackers to cause a denial of service (browser crash). The flaw is triggered by a crafted JavaScript alert call whose parameters contain no breakable characters and whose length is a multiple of the memory page size, which causes an out-of-bounds read. Certain versions of Apple iPhone and iPod Touch are affected.