Radware, who produce enterprise security software, are claiming to have identified a Denial of Service (DoS) flaw in the iPhone’s mobile Safari browser.  While not yet seen in the wild, the bug is triggered by a Javascript command on a webpage - which Radware suggest would be linked to via a spam email or SMS message - and could result in Safari crashing or even the iPhone itself becoming unstable.  The flaw is present in Apple’s latest publicly available firmware, version 1.1.4, though it is uncertain whether Firmware 2.0 is similarly affected.

The exploit works through what Radware are calling a design flaw in mobile Safari, whereby multiple memory allocation operations on the dynamic memory pool trigger a bug in the garbage collector.  There doesn’t seem to be a lasting impact on the cellphone - switching it off and then on again should reset it - but I can see how this might be less than reassuring to your IT manager at work. 

Apple are yet to address the issue, and Radware would very much like you to buy their security software to prevent against it.  Of course, the obvious advice is - just like browsing the internet anywhere else - to not click on links from sources you don’t trust, to be cautious about random looking sites and to generally be sensible.  Though that wouldn’t make Radware any money, I suppose.

[via GigaOM]