Full Disclosure mailing list archives

Re: Fwd: Iphone


From: T Biehn <tbiehn () gmail com>
Date: Sun, 14 Jun 2009 14:38:35 -0400

Randal,
I'm going to assume you're thinking of the mayhem-prone ActiveX
object/embed tags... No, this is not how they work. It's fairly obvious
why it doesn't work that way.

They are standard e-mail attachments; the iPhone mail proggy (through
an unknown mechanism) recognizes it has a reader enabled for them, and
offers that as an option.

It's very doubtful, when you take into account the surround, that this
is an exploitable vector.

Think I'm taking a logical leap?

You are, for example, hopeful that some file type has a registered
viewer that allows you to change settings... Nothing on the iPhone
works this way, this would not be the case, the programmers would
basically have to be arsed to write insecure code (a backdoor) rather
than necessity & ignorance breeding insecure code.

You will have much more luck working against Safari and the PDF Viewer
and providing links and malicious attachments.

-Travis

On Sun, Jun 14, 2009 at 9:37 AM, RandallM <randallm () fidmail com> wrote:
Curious, anyone on the list familiar with iPhone processes used for
email hypertext and picture view through email? What processes are used
and called? Is it basically the same as IE and Windows? Are there any
documents written (going to Google in a bit)?
There are a lot of "fun" features of the iPhone called and used by
apps that I was curious if could be reached through email, not for
havoc but fun. Of course that would also open a can of worms I
suppose.

It's an iPhone thing

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

