
Metasploit Includes Exploit For iPhone 1.1.1- Using Same Vulnerability As Jailbreak

H D Moore published details on exploiting the iPhone today using the same vulnerability as the jailbreaks/unlockers. It takes advantage of a vulnerability in the libtiff library for processing TIFF image files.

The exploit is now in Metasploit, which means someone with only the technical skills of an ex-analyst can exploit you via email or a web page with a special image file.
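Since the delivery vector here is an image file arriving by email or from a web page, one gateway-side mitigation is to sanity-check the structure of any TIFF before a native decoder such as libtiff ever parses it: reject files whose IFD entries point past the end of the file, whose entry counts do not fit, or whose IFD chain loops. The checker below is an added illustration written for this post, not code from Metasploit, libtiff or the original article, and it is a generic structural check rather than a signature for the specific libtiff flaw (which the post does not describe). The sample TIFF byte strings are constructed inline.

```python
import struct

# Byte width of each TIFF field type (TIFF 6.0, types 1..12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


def check_tiff(data: bytes, max_ifds: int = 64) -> list[str]:
    """Return a list of structural problems found in a TIFF byte string.

    An empty list means the header and every IFD entry fit inside the file.
    This is a pre-filter for untrusted input, not a full TIFF validator.
    """
    problems = []
    if len(data) < 8:
        return ["truncated header"]
    order = data[:2]
    if order == b"II":
        end = "<"          # little-endian
    elif order == b"MM":
        end = ">"          # big-endian
    else:
        return ["bad byte-order mark"]
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        return ["bad magic number"]

    seen = set()
    while ifd_off:
        if ifd_off in seen:
            problems.append(f"IFD loop at 0x{ifd_off:x}")
            break
        seen.add(ifd_off)
        if len(seen) > max_ifds:
            problems.append("too many IFDs")
            break
        if ifd_off + 2 > len(data):
            problems.append(f"IFD offset 0x{ifd_off:x} past end of file")
            break
        n = struct.unpack_from(end + "H", data, ifd_off)[0]
        # 2-byte count, 12 bytes per entry, 4-byte next-IFD pointer.
        if ifd_off + 2 + 12 * n + 4 > len(data):
            problems.append(f"IFD at 0x{ifd_off:x} claims {n} entries past end of file")
            break
        for i in range(n):
            tag, typ, count, value = struct.unpack_from(end + "HHII", data, ifd_off + 2 + 12 * i)
            size = TYPE_SIZES.get(typ)
            if size is None:
                problems.append(f"tag {tag}: unknown field type {typ}")
                continue
            total = count * size
            # Values wider than 4 bytes live at 'value' as a file offset.
            if total > 4 and value + total > len(data):
                problems.append(f"tag {tag}: {total}-byte value at 0x{value:x} extends past end of file")
        ifd_off = struct.unpack_from(end + "I", data, ifd_off + 2 + 12 * n)[0]
    return problems


def build_tiff(entries, next_ifd=0):
    """Assemble a minimal little-endian TIFF with one IFD at offset 8 (constructed input)."""
    ifd = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        ifd += struct.pack("<HHII", tag, typ, count, value)
    ifd += struct.pack("<I", next_ifd)
    return b"II" + struct.pack("<HI", 42, 8) + ifd


# Constructed samples: a well-formed 64x64 header, an entry whose data
# would extend far past the file, and an IFD that points back to itself.
GOOD_TIFF = build_tiff([(256, 3, 1, 64), (257, 3, 1, 64)])
OVERSIZED_TAG = build_tiff([(256, 3, 1, 64), (273, 4, 1_000_000, 8)])
IFD_LOOP = build_tiff([(256, 3, 1, 64)], next_ifd=8)

if __name__ == "__main__":
    for name, blob in [("good", GOOD_TIFF), ("oversized", OVERSIZED_TAG), ("loop", IFD_LOOP)]:
        print(name, check_tiff(blob) or "ok")
```

A check like this belongs in front of the decoder, not instead of patching: it catches files whose declared layout cannot be honoured, which is the class of input a mail or web proxy can drop cheaply, while the real fix remains updating the library on the device.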

Apple will hopefully patch this quickly. The bad news is that it will kill all current attempts to load custom applications on the iPhone, but since it's now remotely exploitable the risk outweighs the reward.

Libtiff is a common library and this vulnerability was not unknown.

This demonstrates a big problem in locking down a popular system like the iPhone or the Sony PSP- the same techniques needed to customize the device can often be used to exploit the security. For a wildly popular device like the iPhone it seems to make sense to open it up to legitimate, safe developers.

This also proves that the excuse of locking the system down to protect the phone network (AT&T) is total bollocks, since it's far from a perfectly secure system to start.

Yes, I'm biased- I want custom apps on the iPhone I'll probably eventually buy. Doesn't mean I'm wrong...

—Rich


Comments:


By reppep  on  10/16  at  10:57 AM

Rich,

I think your argument is more than a little stretched.

First, nothing is "a perfectly secure system to start," but that's not a reason to just give up on security!

Second, I think you're saying that because non-security-interested hackers (clear hats?) like the iPhone Dev Team are motivated to help find exploits, this is a much riskier situation than when we just have white and black hats (and blue hats?) looking for breakage. I don't believe clear hats really change the equation that much. I'm sure lots of people are working on breaking iPhones this month, and we can only hope (if not really believe) they're all publishing so Apple can fix their bugs.

By rmogull  on  10/16  at  10:17 PM

It's totally stretched- and I'm biased :) But they just announced they are opening it up in Feb, so I'm happy.

By Software Kit for iPhone  on  10/16  at  10:24 PM

[...] the iPhone 1.1.1 software, and revert it to 1.0.2 software to restore functionality. Thanks to Rich Mogull for the Metasploit link.)  With Tiger running on the iPhone, why bother to release an SDK based on [...]

