iPhone Safari DoS bug discovered
Radware, who produce enterprise defense software, are claiming to have identified a Denial of Service (DoS) flaw in the iPhone’s mobile Safari browser. While not yet seen in the wild, the bug is triggered by a JavaScript command on a webpage - which Radware propose would be linked to via a spam email or SMS message - and could result in Safari crashing or even the iPhone itself becoming unstable. The flaw is present in Apple’s latest publicly available firmware, version 1.1.4, though it is uncertain whether Firmware 2.0 is similarly affected.
The exploit works through what Radware are calling a design flaw in mobile Safari, whereby multiple memory allocation operations on the dynamic memory pool trigger a bug in the rubbish
Apple are yet to address the issue, and Radware would very much like you to buy their security software to protect against it. Of course, the obvious advice is - just like browsing the World Wide Web anywhere else - not to follow hyperlinks from sources you don’t trust, to be cautious about random-looking sites and to generally be sensible. Though that wouldn’t make Radware any money, I suppose.
[via GigaOM]