Update Protection against Apple iPhone Safari 'tel:' URI Handling Remote Denial of Service

Vulnerability
Protection

Check Point Reference:	CPAI-2010-120
Date Published:
Severity:
Source:	Bugtraq ID: 36386
Industry Reference(s):	CVE-2009-3271
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Apple iPhone 3.0.1
Vulnerability Description The Safari browser on the Apple iPhone is prone to a denial-of-service vulnerability. By persuading a user to visit a specially-crafted Web site containing a overly long tel: URI in an iframe, a remote attacker could exploit this vulnerability to cause the device to crash.

Vulnerability Details
The vulnerability is caused by an error in the Safari Web browser when handling tel: URIs. Attackers can trigger the vulnerability by convincing a user to visit a malicious site which will then crash the device.

Protection Overview
This protection will detect and block HTML documents containing 'tel:'-style URIs which are over a threshold length.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > HTML, and select the Safari protection group.
3. Click Apple Safari Long tel: URL Alert (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Apple Safari Vulnerabilities
Description: Apple Safari Long tel: URL Alert

Legal Notice for Threat Center Advisories