apple news/media reports

10/04/2007, 2:55pm, EDT

Thursday, October 4th

iPhone buffer exploit may lead to jailbreak

A newly discovered iPhone exploit could help developers find another way to run third-party applications on Apple's device. Posters to the Hackintosh forums have discovered that Mobile Safari on both the Touch and the iPhone suffers from a one-year-old TIFF buffer overflow flaw that could lead to a jailbreak for the devices. Essentially, opening a carefully crafted TIFF image triggers a buffer overflow that crashes Mobile Safari and allows arbitrary code execution. A poster to the forums writes "This same exploit was used more than 1.5 years ago to crack the PSP firmware." This could theoretically lead to a new "jailbreak" process that would again allow third-party applications to be written to iPhones running the most recent firmware release, 1.1.1, which disabled that functionality for all those who updated.

Hackers previously streamlined the processes of both installing third-party programs on the iPhone and gaining command-line access to its inner workings using firmware revisions up to 1.0.2. The Installer.app utility completely automates the process of derestricting (or jailbreaking) the iPhone's file system and uploading a software package manager to the Apple device. Once installed, the Mac OS X app allows the iPhone to download and install Books or any of the other unofficial third-party programs already written for the device simply by using either local Wi-Fi or an EDGE connection.

However, firmware version 1.1.1 put a stop to these processes: it disallows old jailbreaking routines and can cause serious problems with unlocked phones. In the days following the crippling v1.1.1 update, a number of iPhone owners were able to return hacked units to partial or full functionality.

Members of the iPhone Dev Team collective are said to be working on a second baseband unlock for downgraded units, fixing calling, as well as a fully-functional 1.1.1 unlock, which is already in testing.





Filed under: Apple



6 comments
Then again
0
10/04, 3:02pm, EDT
...may not.
Fresh-Faced Recruit
Joined Apr 2001
10/04, 3:52pm, EDT
Undoubtedly, October 2007 update will plug that hole as well...
Fresh-Faced Recruit
Joined Jan 2005
Re: 1.2
0
10/04, 4:19pm, EDT
Well, you would've thought that a browser in an OS supposedly based on a shipping (or a soon-to-be-shipping) OS would have plugged that security hole last year. Makes you wonder what other security holes Apple hasn't fixed in the iPhones.
Fresh-Faced Recruit
Joined Aug 2001
more secure than windowz
0
10/04, 5:02pm, EDT
T,

Do you personally know any hackers? Not script kiddies, but real hackers making viruses to infect Windows machines for profit?

See, a lot of hackers are using Macs because it's the most capable OS / hardware combination out there (Macs can multi boot Mac OS X, Windows XP, Windows Vista, Linux at ease).

Combine lack of interest (because they don't want to destabilize Mac OS X, their tool of choice), and Macs being harder to hack than Windows, and other reasons, theoretical exploits on the Mac are never taken advantage of by any hacker. So no matter what the possibilities are, in spite of your wet dream being that all Macs are hacked, zero real life exploits on Mac is still zero exploits.

Definitely more secure and usable than your Frankenstein Windows machine which you have to put days to troubleshoot, find drivers, install drivers, install virus protection (which slows down your CPU), perform frequent defrag, reformat after a few months.
Fresh-Faced Recruit
Joined Jan 2006
testudo...
0
10/04, 6:10pm, EDT
> Makes you wonder what other security holes Apple hasn't fixed in the iPhones

Well, easy enough to figure out - just do a quick catalog of all available exploits that result in script-kiddies and mal/spyware getting dumped into an OS X machine, and rendering them unusab.... oh, wait, what's that? There's no actual documented and exploited vulnerabilities?

Oh, right, it's just testudo talking out of his ass, again.

a) Apple is quite fast at fixing genuine security holes, and relegates those that are less likely to be exploited in the real world at a much lower priority - this makes sense.

b) iPhone, and the amount of attention it is getting, is helping Apple isolate further vulnerabilities, and plug them - which in return the rest of the OS X eco system will benefit from (notably, Leopard).

All of this is good, and the new version of iPhone's OS (as well as future updates) will render iPhone quite futile to further hack.
Fresh-Faced Recruit
Joined Jan 2005
Re: testudo
0
10/05, 8:03am, EDT
> Well, easy enough to figure out - just do a quick catalog of all available exploits that result in script-kiddies and mal/spyware getting dumped into an OS X machine, and rendering them unusab.... oh, wait, what's that? There's no actual documented and exploited vulnerabilities?
>
> Oh, right, it's just testudo talking out of his ass, again.

No, it's zinkdifferent talking when not kissing Jobs' ass. There is NO reason not to fix security issues, potential be damned. And we're not talking about something that's 6 days old. It's over a year old. They couldn't find 10 minutes to fix the issue?

> a) Apple is quite fast at fixing genuine security holes, and relegates those that are less likely to be exploited in the real world at a much lower priority - this makes sense.

Genuine holes? You just said there are no holes/exploits. Why should Apple bother?

> b) iPhone, and the amount of attention it is getting, is helping Apple isolate further vulnerabilities, and plug them - which in return the rest of the OS X eco system will benefit from (notably, Leopard).

Right. The iPhone is going to help the full OS? Wouldn't you think it would go the other way, esp. since the OS has been around for so long?

> All of this is good, and the new version of iPhone's OS (as well as future updates) will render iPhone quite futile to further hack.

You know what would be better? If Apple had just fixed it last year, and then there wouldn't be a discussion at all.
Fresh-Faced Recruit
Joined Aug 2001