
Printed from http://www.macnn.com

iPhone buffer exploit may lead to jailbreak

updated 02:55 pm EDT, Thu October 4, 2007


A newly discovered iPhone vulnerability could give developers another way to run third-party applications on Apple's device. Posters to the Hackintosh forums have found that Mobile Safari on both the iPod touch and the iPhone is affected by a year-old TIFF buffer overflow that could lead to a jailbreak for both devices. Opening a carefully crafted TIFF image triggers the overflow in the browser's image decoder: left uncontrolled it simply crashes Mobile Safari, but with a controlled payload it allows arbitrary code execution. One poster to the forums writes, "This same exploit was used more than 1.5 years ago to crack the PSP firmware." In theory this could lead to a new "jailbreak" process that would once again allow third-party applications to be installed on iPhones running the latest 1.1.1 firmware, which disabled that capability for everyone who updated.
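The following is an added example written for this page, not the forum posters' exploit or any Apple code, and it uses a made-up container format rather than real TIFF parsing (the "II" magic, the length field, STRIP_MAX and every function name are assumptions). It shows the shape of bug the paragraph describes: a decoder that trusts a length field read from the file and copies that many bytes into a fixed-size strip buffer. In the toy layout a control word sits right after the strip, so the crafted file's four extra bytes overwrite it; in a real decoder whatever follows the buffer gets clobbered instead, which is why an uncontrolled file crashes the browser and a controlled one can redirect execution. The hardened decoder beside it rejects a length larger than the buffer or larger than the remaining file.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Added example, not code from the article, the forum posters or Apple.
 * Toy container loosely modelled on one TIFF strip (an assumption, not real
 * TIFF): "II" magic, 16-bit little-endian declared strip byte count, then the
 * strip bytes. The decoder keeps the pixel strip and a control word it trusts
 * later in one heap block, so a strip overflow overwrites the control word. */

#define STRIP_MAX 16u              /* capacity of the pixel strip */
#define CTRL_OK   0x11111111u      /* control word value the decoder expects */

struct decoder {
    unsigned char *block;          /* STRIP_MAX pixel bytes, then a uint32_t control word */
};

typedef int (*decode_fn)(struct decoder *, const unsigned char *, size_t);

static int decoder_init(struct decoder *d) {
    uint32_t ok = CTRL_OK;
    d->block = malloc(STRIP_MAX + sizeof(uint32_t));
    if (!d->block) return -1;
    memset(d->block, 0, STRIP_MAX);
    memcpy(d->block + STRIP_MAX, &ok, sizeof ok);
    return 0;
}

static uint32_t decoder_control(const struct decoder *d) {
    uint32_t v;
    memcpy(&v, d->block + STRIP_MAX, sizeof v);
    return v;
}

/* Declared strip length from the header, or -1 if the header is short or wrong. */
static long read_header(const unsigned char *file, size_t len) {
    if (len < 4 || file[0] != 'I' || file[1] != 'I') return -1;
    return (long)(file[2] | (file[3] << 8));
}

/* Vulnerable: trusts the file's byte count and never compares it with STRIP_MAX.
 * It caps the copy at the bytes actually present, so the example never reads past
 * its input; the missing check is on the write side. Declaring 20 bytes writes
 * 4 bytes past the strip, onto the control word. */
int decode_strip_unsafe(struct decoder *d, const unsigned char *file, size_t len) {
    long n = read_header(file, len);
    if (n < 0) return -1;
    size_t avail = len - 4;
    size_t copy = (size_t)n < avail ? (size_t)n : avail;
    memcpy(d->block, file + 4, copy);      /* BUG: copy may exceed STRIP_MAX */
    return 0;
}

/* Hardened: the declared length must fit the destination and be fully present. */
int decode_strip_safe(struct decoder *d, const unsigned char *file, size_t len) {
    long n = read_header(file, len);
    if (n < 0) return -1;
    if ((size_t)n > STRIP_MAX) return -2;  /* claim larger than the strip buffer */
    if ((size_t)n > len - 4)   return -3;  /* claim larger than the file: truncated */
    memcpy(d->block, file + 4, (size_t)n);
    return 0;
}

/* Constructed sample files. The crafted one declares 20 bytes: 16 fill the strip,
 * the last 4 land on the control word. It is sized so the spill stays inside the
 * decoder's allocation; a real crafted image would keep writing into whatever
 * follows the buffer, which is where the crash or code execution comes from. */
static const unsigned char BENIGN_TIFF[] = {
    'I', 'I', 0x10, 0x00,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
};
static const unsigned char CRAFTED_TIFF[] = {
    'I', 'I', 0x14, 0x00,
    'P', 'I', 'X', 'E', 'L', 'S', 'P', 'I', 'X', 'E', 'L', 'S', 'P', 'I', 'X', 'E',
    0x41, 0x41, 0x41, 0x41                 /* attacker-chosen control word */
};

struct outcome { int rc; uint32_t control; };

/* Runs one decoder over one file and reports its return code plus the control
 * word afterwards, so callers can see whether the word survived decoding. */
struct outcome run_decoder(decode_fn decode, const unsigned char *file, size_t len) {
    struct decoder d;
    struct outcome o = { -99, 0 };
    if (decoder_init(&d) != 0) return o;
    o.rc = decode(&d, file, len);
    o.control = decoder_control(&d);
    free(d.block);
    return o;
}

int main(void) {
    struct outcome u = run_decoder(decode_strip_unsafe, CRAFTED_TIFF, sizeof CRAFTED_TIFF);
    struct outcome s = run_decoder(decode_strip_safe, CRAFTED_TIFF, sizeof CRAFTED_TIFF);
    printf("unsafe decoder: rc=%d control=0x%08x (expected 0x%08x)\n", u.rc, (unsigned)u.control, CTRL_OK);
    printf("safe decoder:   rc=%d control=0x%08x\n", s.rc, (unsigned)s.control);
    return 0;
}
```

Build with any C compiler (for instance `cc -Wall example.c`) and run: the unsafe decoder accepts the crafted file and its control word comes back as 0x41414141, while the hardened decoder returns -2 and leaves the word at 0x11111111. The second check in the hardened decoder matters as much as the first: a length that fits the buffer but exceeds the file would otherwise turn the copy into an out-of-bounds read.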

Hackers had previously streamlined both the installation of third-party programs on the iPhone and command-line access to its internals on firmware revisions up to 1.0.2. The Installer.app utility fully automates derestricting (jailbreaking) the iPhone's file system and uploading a software package manager to the device. Once that package manager is in place, the iPhone can download and install Books or any of the other unofficial third-party programs already written for it directly over local Wi-Fi or an EDGE connection.

However, firmware version 1.1.1 put a stop to these processes: it defeats the old jailbreaking routines and can cause serious problems on SIM-unlocked phones. In the days following the 1.1.1 update, a number of iPhone owners managed to return hacked units to partial or full functionality.

Members of the iPhone Dev Team collective are said to be working on a second baseband unlock for downgraded units, which would fix calling, as well as a fully functional 1.1.1 unlock that is already in testing.







by MacNN Staff


Comments

  1. njfuzzy

    Then again

    ...may not.

  2. ZinkDifferent

    1.2

    Undoubtedly, the October 2007 update will plug that hole as well...

  3. testudo

    Re: 1.2

    Well, you would've thought that a browser in an OS supposedly based on a shipping (or a soon-to-be-shipping) OS would have plugged that security hole last year. Makes you wonder what other security holes Apple hasn't fixed in the iPhones.

  4. dliup

    more secure than windowz

    T,

    Do you personally know any hackers? Not script kiddies, but real hackers making viruses to infect Windows machines for profit?

    See, a lot of hackers are using Macs because it's the most capable OS / hardware combination out there (Macs can multi-boot Mac OS X, Windows XP, Windows Vista, Linux with ease).

    Combine lack of interest (because they don't want to destabilize Mac OS X, their tool of choice), and Macs being harder to hack than Windows, and other reasons, and theoretical exploits on the Mac are never taken advantage of by any hacker. So no matter what the possibilities are, despite your wet dream being that all Macs are hacked, zero real-life exploits on Mac is still zero exploits.

    Definitely more secure and usable than your Frankenstein Windows machine, which you have to put in days to troubleshoot, find drivers, install drivers, install virus protection (which slows down your CPU), perform frequent defrags, and reformat after a few months.

  5. ZinkDifferent

    testudo...

    > Makes you wonder what other security holes Apple hasn't fixed in the iPhones

    Well, easy enough to figure out - just do a quick catalog of all available exploits that result in script-kiddies and mal/spyware getting dumped into an OS X machine, and rendering them unsusab.... oh, wait, what's that? There's no actual documented and exploited vulnerabilities?

    Oh, right, it's just testudo talking out of his a**, again.

    a) Apple is quite fast at fixing genuine security holes, and relegates those that are less likely to be exploited in the real world to a much lower priority - this makes sense.

    b) iPhone, and the amount of attention it is getting, is helping Apple isolate further vulnerabilities, and plug them - which in return the rest of the OS X ecosystem will benefit from (notably, Leopard).

    All of this is good, and the new version of iPhone's OS (as well as future updates) will render iPhone quite futile to further hack.

  6. testudo

    Re: testudo

    > Well, easy enough to figure out - just do a quick catalog of all available exploits that result in script-kiddies and mal/spyware getting dumped into an OS X machine, and rendering them unsusab.... oh, wait, what's that? There's no actual documented and exploited vulnerabilities?
    >
    > Oh, right, it's just testudo talking out of his a**, again.

    No, it's zinkdifferent talking when not kissing Jobs' a**. There is NO reason not to fix security issues, potential be damned. And we're not talking about something that's 6 days old. It's over a year old. They couldn't find 10 minutes to fix the issue?

    > a) Apple is quite fast at fixing genuine security holes, and relegates those that are less likely to be exploited in the real world to a much lower priority - this makes sense.

    Genuine holes? You just said there are no holes/exploits. Why should Apple bother?

    > b) iPhone, and the amount of attention it is getting, is helping Apple isolate further vulnerabilities, and plug them - which in return the rest of the OS X ecosystem will benefit from (notably, Leopard).

    Right. The iPhone is going to help the full OS? Wouldn't you think it would go the other way, esp. since the OS has been around for so long?

    > All of this is good, and the new version of iPhone's OS (as well as future updates) will render iPhone quite futile to further hack.

    You know what would be better? If Apple had just fixed it last year, and then there wouldn't be a discussion at all.
