AAPL Stock: 118.03 ( -0.85 )

Printed from

Details of iPhone TIFF exploit posted

updated 05:50 pm EDT, Wed October 17, 2007

iPhone TIFF exploit detail

The details of a TIFF rendering security exploit for the iPhone -- which has been used to unlock the device and "jailbreak" it so that the filesystem can be read and written to -- have been published by hacker HD Moore, along with a revised, more robust version of the exploit. The vulnerability affects the iPhone's Safari browser, its e-mail program, as well as by the iTunes software and can be sent via e-mail or embedded in a Web page. It works on OS's 1.0, 1.0.1, 1.0.2 and 1.1.1. Moore told Computerworld that Apple has to leave a way to restore an iPhone back to previous versions of the firmware, which means that the bug will always be exploitable on the devices even if Apple patches it in future releases.

Moore said "I think the iPhone is pretty terrible," he said, referring to its level of security. "It's an easy platform to exploit." He said that's because exploiting any iPhone application gives root access to the entire phone. Moore also predicted that actual malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon."

There are currently three different methods for hacking into the iPhone 1.1.1 filesystem are circulating on the Web, including the one mentioned above, which takes advantage of the TIFF exploit security bug. The most promising method to appears to be a publicly method of downgrading the firmware to v1.02, applying some modifications to the file system and then upgrading the firmware back to v1.1.1, thereby allowing users to run an application like AppTapp to install third-party applications.

Apple could simply (and likely will) patch the TIFF security flaw in the next update to easily disable this method; however, hackers could downgrade the firmware to re-enable the exploit.

"All they'll need to do is back port the firmware to an earlier version that's vulnerable," Moore told ComputerWorld. "Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]."

by MacNN Staff




  1. ZinkDifferent

    Joined: Dec 1969


    "Has to...?"

    I very much doubt that Apple "HAS TO" leave a way to downgrade. They need an access point to upgrade, and considering that they are moving to a model of signed and encrypted software, it looks to me like any such exploits will be plugged soon, after leopard ships.

    Buh-Bye, hack-boys!

  1. thinkman

    Joined: Dec 1969



    One would think that "hacking" electronic devices is an epidemic by the number of articles on it. The only "service" they provide is to keep good companies on their toes. However, if it weren't for hackers, these companies likely wouldn't have to be on the alert all the time.

    As for the comment regarding downgrading, virtually every piece of the OS that is not root-level, is downgradable.

  1. chr1sl0ng

    Joined: Dec 1969


    downgrade the firmware

    That's like saying I could "downgrade to 10.0.0" to make my Mac more vulnerable to some random exploit that has since been patched. Of course I could, but I would lose functionality. Moreover, I could "downgrade to running Windows XP." Hey, while we're at it, let's build a new Linux distro for iPhone... I probably could, but I'm not going to. Give me a break!

  1. tomodachi

    Joined: Dec 1969


    not an oxymoron, but

    "more robust version of the exploit."

    there's something deeply wrong about this phrase...

  1. randombob

    Joined: Dec 1969


    fUD tactics

    Of course they have to have a way to downgrade/modify the firmware/software, but that doesn't mean that it's an actual exploit! Once 1.1.2 comes out and patches the flaw, it's no longer an exploit UNLESS they can remotely grab your iphone, load it up with the OLD firmware and downgrade the thing, all so they can run THIS exploit.

    Like Chr1s was saying..

    It's like saying that they found a vulerability in 10.1 that has since been fixed, yet still claiming that all mac users are vulerable, because we could *potentially* run/install that OS instead of the one we're currently using.

    By that line of logic, all intel Mac users are vulnerable to all Window viruses, because they could instead hack the mac and run windows instead of Tiger/Leopard.

    This is headline grabbing, nothing more.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented