funsec mailing list archives
Expert Calls Apple's iPhone 'Perfect Spying Device'
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 18 Oct 2007 23:06:46 -0400
http://news.yahoo.com/s/nf/20071017/bs_nf/56074;_ylt=AhRbvygw1PpiH.KhjDClyyo E1vAI Richard Koman, <http://us.rd.yahoo.com/dailynews/nf/bs_nf/byline/56074/24858172/SIG=10r33ca 9a/*http://www.newsfactor.com> newsfactor.com Wed Oct 17, 2:52 PM ET Hackers intent on unlocking Apple's iPhone for use with carriers other than AT&T -- and for using third-party applications -- exploited a bug in the device's handling of TIFF images. But that same bug can be used for far more nefarious exploits, renowned hacker HD Moore reported on his Web site, The Metasploit. Moore posted to the site an exploit that would allow a hacker to insert malicious code onto someone's iPhone to access the device's data. Because the flawed TIFF library is used by the iPhone's Web browser, e-mail program, and iTunes software -- and because all of those programs run as root processes -- one of the iPhone's undocumented "features" is a gaping security hole. Unlike the unlocking hackers, Moore said, "I wanted an exploit that would write any arbitrary payload" to the phone. "This exploit is rock solid. It's very reliable," he said. "You can send it in an e-mail, you can embed it in a Web page." ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Expert Calls Apple's iPhone 'Perfect Spying Device' Richard M. Smith (Oct 18)