toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Details of iPhone TIFF exploit posted

updated 05:50 pm EDT, Wed October 17, 2007

iPhone TIFF exploit detail

The details of a TIFF rendering security exploit for the iPhone -- which has been used to unlock the device and "jailbreak" it so that the filesystem can be read and written to -- have been published by hacker HD Moore, along with a revised, more robust version of the exploit. The vulnerability affects the iPhone's Safari browser, its e-mail program, as well as by the iTunes software and can be sent via e-mail or embedded in a Web page. It works on OS's 1.0, 1.0.1, 1.0.2 and 1.1.1. Moore told Computerworld that Apple has to leave a way to restore an iPhone back to previous versions of the firmware, which means that the bug will always be exploitable on the devices even if Apple patches it in future releases.

Moore said "I think the iPhone is pretty terrible," he said, referring to its level of security. "It's an easy platform to exploit." He said that's because exploiting any iPhone application gives root access to the entire phone. Moore also predicted that actual malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon."

There are currently three different methods for hacking into the iPhone 1.1.1 filesystem are circulating on the Web, including the one mentioned above, which takes advantage of the TIFF exploit security bug. The most promising method to appears to be a publicly method of downgrading the firmware to v1.02, applying some modifications to the file system and then upgrading the firmware back to v1.1.1, thereby allowing users to run an application like AppTapp to install third-party applications.

Apple could simply (and likely will) patch the TIFF security flaw in the next update to easily disable this method; however, hackers could downgrade the firmware to re-enable the exploit.


"All they'll need to do is back port the firmware to an earlier version that's vulnerable," Moore told ComputerWorld. "Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. ZinkDifferent

    Joined: Dec 1969

    -2

    "Has to...?"

    I very much doubt that Apple "HAS TO" leave a way to downgrade. They need an access point to upgrade, and considering that they are moving to a model of signed and encrypted software, it looks to me like any such exploits will be plugged soon, after leopard ships.

    Buh-Bye, hack-boys!

  1. thinkman

    Joined: Dec 1969

    0

    Epidemic

    One would think that "hacking" electronic devices is an epidemic by the number of articles on it. The only "service" they provide is to keep good companies on their toes. However, if it weren't for hackers, these companies likely wouldn't have to be on the alert all the time.

    As for the comment regarding downgrading, virtually every piece of the OS that is not root-level, is downgradable.

  1. chr1sl0ng

    Joined: Dec 1969

    -1

    downgrade the firmware

    That's like saying I could "downgrade to 10.0.0" to make my Mac more vulnerable to some random exploit that has since been patched. Of course I could, but I would lose functionality. Moreover, I could "downgrade to running Windows XP." Hey, while we're at it, let's build a new Linux distro for iPhone... I probably could, but I'm not going to. Give me a break!

  1. tomodachi

    Joined: Dec 1969

    0

    not an oxymoron, but

    "more robust version of the exploit."

    there's something deeply wrong about this phrase...

  1. randombob

    Joined: Dec 1969

    0

    fUD tactics

    Of course they have to have a way to downgrade/modify the firmware/software, but that doesn't mean that it's an actual exploit! Once 1.1.2 comes out and patches the flaw, it's no longer an exploit UNLESS they can remotely grab your iphone, load it up with the OLD firmware and downgrade the thing, all so they can run THIS exploit.

    Like Chr1s was saying..

    It's like saying that they found a vulerability in 10.1 that has since been fixed, yet still claiming that all mac users are vulerable, because we could *potentially* run/install that OS instead of the one we're currently using.

    By that line of logic, all intel Mac users are vulnerable to all Window viruses, because they could instead hack the mac and run windows instead of Tiger/Leopard.

    This is headline grabbing, nothing more.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented