updated 02:55 pm EDT, Thu October 4, 2007
iPhone buffer exploit
A newly discovered iPhone exploit could help developers find another way to run third-party applications on Apple's device. Posters to the Hackintosh forums have discovered that Mobile Safari on both the iPod Touch and the iPhone suffers from a year-old TIFF buffer overflow vulnerability that could lead to a jailbreak for the devices. Essentially, opening a carefully crafted TIFF image crashes Mobile Safari by triggering a buffer overflow, which allows arbitrary code execution. A poster to the forums writes "This same exploit was used more than 1.5 years ago to crack the PSP firmware." This could theoretically lead to a new "jailbreak" process that would again allow third-party applications to be written to iPhones running the most recent firmware 1.1.1 release, which disabled the functionality for all those who updated.
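The article only says that a malformed TIFF overflows a buffer in the image parser. The usual root cause in this bug class is a length or offset field read from the file and trusted without comparing it to the amount of data actually present. The following C program is an added illustration, not code from the article or from the forum posters, and it does not reproduce the iPhone exploit: it walks a TIFF header and its first image file directory (IFD) with every offset and count validated against the buffer length, and rejects two constructed malformed files (the sample byte arrays, error codes and function names are this example's own).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Error codes for this example's validator (not TIFF or libtiff constants). */
#define TIFF_ERR_SHORT     -1   /* buffer too small for an 8-byte header   */
#define TIFF_ERR_MAGIC     -2   /* bad byte-order mark or version number   */
#define TIFF_ERR_IFD_OFF   -3   /* first IFD offset points outside buffer  */
#define TIFF_ERR_IFD_COUNT -4   /* entry count larger than remaining data  */
#define TIFF_ERR_TAG_DATA  -5   /* tag type/count/offset exceeds buffer    */

/* Byte width of each TIFF field type, indexed by type code 1..12. */
static const size_t type_size[] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static unsigned rd16(const uint8_t *p, int le) {
    return le ? (unsigned)p[0] | (unsigned)p[1] << 8 : (unsigned)p[0] << 8 | p[1];
}
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Validate header and first IFD. Returns the entry count on success,
 * or a negative TIFF_ERR_* code. Nothing is read until its location has
 * been checked against len, which is the property an overflowing parser lacks. */
int tiff_check(const uint8_t *buf, size_t len) {
    if (len < 8) return TIFF_ERR_SHORT;
    int le;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;        /* little-endian */
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;   /* big-endian    */
    else return TIFF_ERR_MAGIC;
    if (rd16(buf + 2, le) != 42) return TIFF_ERR_MAGIC;

    uint32_t ifd = rd32(buf + 4, le);
    /* IFD must start after the header and leave room for its 2-byte count. */
    if (ifd < 8 || ifd > len - 2) return TIFF_ERR_IFD_OFF;

    size_t n = rd16(buf + ifd, le);
    /* n entries of 12 bytes plus the 4-byte next-IFD pointer must fit. */
    if (n * 12 + 4 > len - ifd - 2) return TIFF_ERR_IFD_COUNT;

    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + i * 12;
        unsigned type = rd16(e + 2, le);
        uint32_t count = rd32(e + 4, le);
        if (type == 0 || type > 12) return TIFF_ERR_TAG_DATA;
        size_t unit = type_size[type];
        if (count > SIZE_MAX / unit) return TIFF_ERR_TAG_DATA;  /* count*unit would wrap */
        size_t data_len = (size_t)count * unit;
        if (data_len > 4) {  /* value does not fit inline, field holds an offset */
            uint32_t off = rd32(e + 8, le);
            if (off > len || data_len > len - off) return TIFF_ERR_TAG_DATA;
        }
    }
    return (int)n;
}

/* Constructed sample: minimal little-endian TIFF, one ImageWidth SHORT entry. */
static const uint8_t sample_valid[] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00,
    0x01,0x00,
    0x00,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00 };
/* Constructed sample: IFD claims 65535 entries in a 26-byte file. */
static const uint8_t sample_huge_count[] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00,
    0xFF,0xFF,
    0x00,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00 };
/* Constructed sample: one LONG tag with count 0xFFFFFFFF at offset 8. */
static const uint8_t sample_oversize_tag[] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00,
    0x01,0x00,
    0x00,0x01, 0x04,0x00, 0xFF,0xFF,0xFF,0xFF, 0x08,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00 };

int main(void) {
    printf("valid:        %d\n", tiff_check(sample_valid, sizeof sample_valid));
    printf("huge count:   %d\n", tiff_check(sample_huge_count, sizeof sample_huge_count));
    printf("oversize tag: %d\n", tiff_check(sample_oversize_tag, sizeof sample_oversize_tag));
    return 0;
}
```

The two rejected samples are the shapes a fuzzer finds first: a directory entry count that exceeds the file, and a per-tag byte count that, multiplied by the element size, either wraps a size_t or runs past the end of the buffer. A parser that copies tag data into a fixed-size structure before performing these comparisons is the kind that a crafted image can overflow.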
Hackers previously streamlined both the process of installing third-party programs on the iPhone and the process of gaining command-line access to its inner workings, using firmware revisions up to 1.0.2. The Installer.app utility completely automates derestricting (or jailbreaking) the iPhone's file system and uploading a software package manager to the Apple device. Once installed, the Mac OS X app allows the iPhone to download and install Books or any of the other unofficial third-party programs already written for the device, simply by using either local Wi-Fi or an EDGE connection.
However, these processes were brought to a stop by firmware version 1.1.1, which disallows the old jailbreaking routines and can cause serious problems with unlocked phones. In the days following the crippling v1.1.1 update, a number of iPhone owners were able to return hacked units to partial or full functionality.
Members of the iPhone Dev Team collective are said to be working on a second baseband unlock for downgraded units, which would restore calling, as well as a fully functional 1.1.1 unlock, which is already in testing.