apple news/media reports

10/17/2007, 5:50pm, EDT

Wednesday, October 17th

Details of iPhone TIFF exploit posted

The details of a TIFF rendering security exploit for the iPhone -- which has been used to unlock the device and "jailbreak" it so that the filesystem can be read and written to -- have been published by hacker HD Moore, along with a revised, more robust version of the exploit. The vulnerability affects the iPhone's Safari browser and its e-mail program, as well as the iTunes software, and the exploit can be sent via e-mail or embedded in a Web page. It works on OS versions 1.0, 1.0.1, 1.0.2 and 1.1.1. Moore told Computerworld that Apple has to leave a way to restore an iPhone back to previous versions of the firmware, which means that the bug will always be exploitable on the devices even if Apple patches it in future releases.

"I think the iPhone is pretty terrible," Moore said, referring to its level of security. "It's an easy platform to exploit." He said that's because exploiting any iPhone application gives root access to the entire phone. Moore also predicted that actual malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon."

Three different methods for hacking into the iPhone 1.1.1 filesystem are currently circulating on the Web, including the one mentioned above, which takes advantage of the TIFF security bug. The most promising appears to be a public method of downgrading the firmware to v1.02, applying some modifications to the file system and then upgrading the firmware back to v1.1.1, thereby allowing users to run an application like AppTapp to install third-party applications.

Apple could simply (and likely will) patch the TIFF security flaw in the next update to easily disable this method; however, hackers could downgrade the firmware to re-enable the exploit.


"All they'll need to do is back port the firmware to an earlier version that's vulnerable," Moore told ComputerWorld. "Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]."




5 comments
"Has to...?"
0
10/17, 6:17pm, EDT
I very much doubt that Apple "HAS TO" leave a way to downgrade. They need an access point to upgrade, and considering that they are moving to a model of signed and encrypted software, it looks to me like any such exploits will be plugged soon, after Leopard ships.

Buh-Bye, hack-boys!
Fresh-Faced Recruit
Joined Jan 2005
Epidemic
0
10/17, 6:35pm, EDT
One would think that "hacking" electronic devices is an epidemic by the number of articles on it. The only "service" they provide is to keep good companies on their toes. However, if it weren't for hackers, these companies likely wouldn't have to be on the alert all the time.

As for the comment regarding downgrading, virtually every piece of the OS that is not root-level is downgradable.
Fresh-Faced Recruit
Joined Jan 2005
downgrade the firmware
0
10/17, 10:37pm, EDT
That's like saying I could "downgrade to 10.0.0" to make my Mac more vulnerable to some random exploit that has since been patched. Of course I could, but I would lose functionality. Moreover, I could "downgrade to running Windows XP." Hey, while we're at it, let's build a new Linux distro for iPhone... I probably could, but I'm not going to. Give me a break!
Fresh-Faced Recruit
Joined Oct 2003
not an oxymoron, but
0
10/18, 12:31am, EDT
"more robust version of the exploit."

there's something deeply wrong about this phrase...
Fresh-Faced Recruit
Joined Apr 2002
FUD tactics
0
10/18, 11:25am, EDT
Of course they have to have a way to downgrade/modify the firmware/software, but that doesn't mean that it's an actual exploit! Once 1.1.2 comes out and patches the flaw, it's no longer an exploit UNLESS they can remotely grab your iPhone, load it up with the OLD firmware and downgrade the thing, all so they can run THIS exploit.

Like Chr1s was saying..

It's like saying that they found a vulnerability in 10.1 that has since been fixed, yet still claiming that all Mac users are vulnerable, because we could *potentially* run/install that OS instead of the one we're currently using.

By that line of logic, all Intel Mac users are vulnerable to all Windows viruses, because they could instead hack the Mac and run Windows instead of Tiger/Leopard.

This is headline grabbing, nothing more.
Fresh-Faced Recruit
Joined Jun 2007