With the large number of web applications for the iPhone, Apple lists more than 600, the Mobile Safari browser plays a large role. Recently a Denial of Service(DoS) vulnerability was discovered in iPhone’s web browser.
The researchers who found the vulnerability were looking for a method to unlock the filesystem on iPhones with the latest firmware(1.1.3). Unlocking the filesystem allows the installing of custom ringtones and 3rd party applications. With the last firmware version you could automatically unlock your iPhone by visiting a particular website with the Mobile Safari browser.
The DoS exploit can be triggered by visiting the proof of concept page and clicking on one button.
Once it’s clicked a warning will pop up and the exploit code will run.
The iPhone will then become unresponsive, touching the screen or pressing the Home button will have no effect. Under a minute later, the iPhone will reboot.
Fortunately because the researchers did not have enough time or possibly any inclination, they have not produced a more troublesome exploit. The bug will only prevent you from using the iPhone temporarily and doesn’t steal your data or permanently damage the phone.
While the proof of concept site requires you to press “Go!” before it runs the exploit, a more malicious site could run the code without permission.
Apple also provides details on other settings(cookies,plug ins, cache) that can be changed.