H D Moore published details on exploiting the iPhone today using the same vulnerability as the jailbreaks/unlockers. It takes advantage of a vulnerability in the libtiff library for processing TIFF image files.
The exploit is now in Metasploit, which means someone with only the technical skills of an ex-analyst can exploit you via email or a web page with a special image file.
Apple will hopefully patch this quickly. The bad news is that it will kill all current attempts to load custom applications on the iPhone, but since it’s now remotely exploitable the risk outweighs the reward.
Libtiff is a common library and this vulnerability was not unknown.
This demonstrates a big problem in locking down a popular system like the iPhone or the Sony PSP- the same techniques needed to customize the device can often be used to exploit the security. For a wildly popular device like the iPhone it seems to make sense to open it up to legitimate, safe developers.
This also proves that the excuse of locking the system down to protect the phone network (AT&T) is total bollocks, since it’s far from a perfectly secure system to start.
Yes, I’m biased- I want custom apps on the iPhone I’ll probably eventually buy. Doesn’t mean I’m wrong…
7 Replies to “Metasploit Includes Exploit For iPhone 1.1.1- Using Same Vulnerability As Jailbreak”
[…] the iPhone 1.1.1 software, and revert it to 1.0.2 software to restore functionality. Thanks to Rich Mogull for the Metasploit link.) With Tiger running on the iPhone, why bother to release an SDK based on […]
It’s totally stretched- and I’m biased 🙂 But they just announced they are opening it up in Feb, so I’m happy.
Rich,
I think your argument is more than a little stretched.
First, nothing is “a perfectly secure system to start.”, but that’s not a reason to just give up on security!
Second, I think you’re saying that because non-security-interested hackers (clear hats?) like the iPhone Dev Team are motivated to help find exploits, this is a much riskier situation than when we just have white and black hats (and blue hats?) looking for breakage. I don’t believe clear hats really change the equation that much—I’m sure lots of people are working on breaking iPhones this month, and we can only hope (if not really believe) they’re all publishing so Apple can fix their bugs.