10/17/2007, 5:50pm, EDT
Wednesday, October 17th
Details of iPhone TIFF exploit posted
The details of a TIFF rendering security exploit for the iPhone -- which has been used to unlock the device and "jailbreak" it so that the filesystem can be read and written to -- have been published by hacker HD Moore, along with a revised, more robust version of the exploit. The vulnerability affects the iPhone's Safari browser, its e-mail program, as well as by the iTunes software and can be sent via e-mail or embedded in a Web page. It works on OS's 1.0, 1.0.1, 1.0.2 and 1.1.1. Moore told Computerworld that Apple has to leave a way to restore an iPhone back to previous versions of the firmware, which means that the bug will always be exploitable on the devices even if Apple patches it in future releases.
Moore said "I think the iPhone is pretty terrible," he said, referring to its level of security. "It's an easy platform to exploit." He said that's because exploiting any iPhone application gives root access to the entire phone. Moore also predicted that actual malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon."
There are currently three different methods for hacking into the iPhone 1.1.1 filesystem are circulating on the Web, including the one mentioned above, which takes advantage of the TIFF exploit security bug. The most promising method to appears to be a publicly method of downgrading the firmware to v1.02, applying some modifications to the file system and then upgrading the firmware back to v1.1.1, thereby allowing users to run an application like AppTapp to install third-party applications.
Apple could simply (and likely will) patch the TIFF security flaw in the next update to easily disable this method; however, hackers could downgrade the firmware to re-enable the exploit.
"All they'll need to do is back port the firmware to an earlier version that's vulnerable," Moore told ComputerWorld. "Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]."
Filed under: Apple
, 
, 5
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
Buh-Bye, hack-boys!
As for the comment regarding downgrading, virtually every piece of the OS that is not root-level, is downgradable.
there's something deeply wrong about this phrase...
Like Chr1s was saying..
It's like saying that they found a vulerability in 10.1 that has since been fixed, yet still claiming that all mac users are vulerable, because we could *potentially* run/install that OS instead of the one we're currently using.
By that line of logic, all intel Mac users are vulnerable to all Window viruses, because they could instead hack the mac and run windows instead of Tiger/Leopard.
This is headline grabbing, nothing more.