Newly discovered Safari bug could mean big fees for some iPhone users


Whenever you hear about bugs and exploits being discovered in the iPhone’s browser, Safari, it’s usually the doings of some masterful meddler who devoted hours to unearthing any flaws they could find — not some user casually tapping around the application. Apple’s pretty good at keeping things locked down, and the iPhone’s got enough users that most of the nasty user-facing bugs have been flushed out. Well, except for this new one.

It’s not an incredibly common bug, and it doesn’t seem likely that it would hit most users – but for the iPhone users this newly discovered bug does affect, it could mean huge operator fees.

The flaw, as discovered by Estonian Apple site AppleSpot: if the user visits a site which uses Motion-JPEG (most commonly used for security cams and live feeds) in Safari, Safari will continue to gobble up bandwidth even after it is closed. Safari is one of the few apps that Apple allows to run in the background, and Motion-JPEG streams appear to continue streaming, even if the stream is in another tab or in the “closed” application. Apple gives no indication that Safari will continue to stream – and considering that most applications on the platform aren’t granted such privileges, it’s unlikely that a lay user would understand the consequences.

As mentioned, this bug certainly isn’t one that springs up all that regularly; for it to affect you, you need to not only visit one of these Motion-JPEG streams in Safari, but also be on some sort of pay-per-megabyte plan. While it’s no sweat off the backs of anyone on an unlimited package (as is the case with a vast majority of US iPhone users), it could work out to MASSIVE wallet damage for anyone who is traveling internationally or signed up with a carrier that only offers metered data.

The original discoverers of the bug claim to have been able to rack up over 740 megabytes in silently streamed data during one hour of testing. If the same thing had happened to someone without a data package, they say that one hour of unintentional data usage would have worked out to roughly 30,000 Estonian kroons in fees – or just shy of $3,000. Ouch.

[Thanks Ronald!]