funsec mailing list archives

Expert Calls Apple's iPhone 'Perfect Spying Device'


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 18 Oct 2007 23:06:46 -0400

 
http://news.yahoo.com/s/nf/20071017/bs_nf/56074;_ylt=AhRbvygw1PpiH.KhjDClyyoE1vAI
 
Richard Koman, newsfactor.com
<http://us.rd.yahoo.com/dailynews/nf/bs_nf/byline/56074/24858172/SIG=10r33ca9a/*http://www.newsfactor.com>
Wed Oct 17, 2:52 PM ET

Hackers intent on unlocking Apple's iPhone for use with carriers other than
AT&T -- and for using third-party applications -- exploited a bug in the
device's handling of TIFF images. But that same bug can be used for far more
nefarious exploits, renowned hacker HD Moore reported on his Web site, The
Metasploit. 

Moore posted to the site an exploit that would allow a hacker to insert
malicious code onto someone's iPhone to access the device's data. Because
the flawed TIFF library is used by the iPhone's Web browser, e-mail program,
and iTunes software -- and because all of those programs run as root
processes -- one of the iPhone's undocumented "features" is a gaping
security hole. 

Unlike the unlocking hackers, Moore said, "I wanted an exploit that would
write any arbitrary payload" to the phone. "This exploit is rock solid. It's
very reliable," he said. "You can send it in an e-mail, you can embed it in
a Web page." 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
