funsec mailing list archives
Re: How to hijack 'every iPhone in the world'
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 31 Jul 2009 23:21:15 +0300 (EEST)
This is a very good point. It appears that Apple decided to release a patch during the Black Hat, however: http://support.apple.com/kb/HT3754 Juha-Matti Dragos Ruiu [dr () kyx net] kirjoitti:
But as C. Miller covered in his EUSecWest presentation "Owning your Grandmother's iPhone" exploitation in a non-jailbroken environment is substantially more complex. A lot of the tools from jail-breaking that are leveraged to get command exec are just not there on the stock phone. cheers, --dr On 31-Jul-09, at 8:12 AM, Juha-Matti Laurio wrote:Details are being covered at http://www.theregister.co.uk/2009/07/31/smart_phone_hijacking/ ".... The bug resides in CommCenter, a service that's responsible for handling SMS, wireless and other functions in the iPhone. By default, it runs as root and isn't limited by an application sandbox. That makes it an ideal vector for taking control of the device. What's more, the messages are delivered automatically and often aren't easy for users to block. ...." Juha-Matti der Mouse [mouse () rodents-montreal org] kirjoitti:"On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS. [...]Any betting Apple manages to get them gagged before they can present? :( /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse () rodents-montreal org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B_______________________________________________
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 30)
- Re: How to hijack 'every iPhone in the world' der Mouse (Jul 30)
- <Possible follow-ups>
- Re: How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 31)
- Re: How to hijack 'every iPhone in the world' Dragos Ruiu (Jul 31)
- Re: How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 31)