Key Information

Title: iPhone Safari JavaScript alert Denial of Service
CVE ID: CVE-2008-3950
CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Risk level: Medium
Remotely exploitable: Yes
Locally exploitable: No

Summary

Discovered by: Nicolas Economou

Affected versions:
- iPhone v1.1.4 and v2.0
- iPod touch v1.1.4 and v2.0

Fixed versions:
- iPhone v2.1
- iPod touch v2.1

Vulnerability Description

A vulnerability has been found in the WebKit library used by Safari on the iPhone. By passing a special string to the 'alert()' JavaScript method, it is possible to crash Safari via an out-of-bounds memory read, which triggers an access violation.

Remediation

Apple security updates are available via the Software Update mechanism and for manual download.

Report Timeline

2008-07-21: Core notifies the vendor of the bug.
2008-09-12: Core publishes advisory.