Document Title:
===============
Apple iOS v7.0.2 5S - Denial of Service Vulnerability (PoC)


Date:
=====
2013-10-02


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1106

Video: https://www.youtube.com/watch?v=jf4t0yFoSD8



VL-ID:
=====
1106


Common Vulnerability Scoring System:
====================================
3.9


Status:
========
Published


Exploitation-Technique:
=======================
Defensive


Severity:
=========
Medium


Details:
========
The video has been recorded by a laboratory member to demonstrate an iPhone 5s denial of service vulnerability.
The vulnerability freezes the interface functions and a hard reset is required the leave the problem.
The issue can be exploited by physical device access of an attacker and the problem is not visible to the attacked person.
The issue is a combination of a memory flaw and a glitch problem resulting in the permanent freeze of the control center, calender & camera.
The vulnerability is since today marked as zero-day issue with a scoring of 3.9 because the issues can be passed by a hard reset (shutdown<reboot) of the device.


Credits:
========
Vulnerability Laboratory [Research Team]


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.evolution-sec.com
Contact:    admin@vulnerability-lab.com 	- research@vulnerability-lab.com 	       - admin@evolution-sec.com
Section:    www.vulnerability-lab.com/dev 	- forum.vulnerability-db.com 		       - magazine.vulnerability-db.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

				Copyright © 2013 | Vulnerability Laboratory [Evolution Security]