In association with heise online

09 October 2007, 12:32

Old exploit for Sony's PSP works on Apple's iPhone

In the hacker community, Apple's iPhone obviously continues to be the most interesting object for investigation. Unfazed by its supposed security, a hacker group has apparently managed to smuggle their own code into Safari's current firmware and execute it via a buffer overflow that occurs while processing TIFF images. A sample "Hello world" is claimed to have been successfully tested several times. Interestingly, the exploit is reported to have originated from a PSP hacker source that, more than a year ago, was able to execute its own software via a TIFF hole and so install somewhat modified firmware onto the PSP.

Some additional adjustments must have been needed, however, because the iPhone has an ARM core while the PSP uses a MIPS processor. And the stack in the iPhone is supposed to be marked as non-executable, which ought to prevent the execution of code smuggled into it. The PSP hacker Niacin, who has evidently now turned his attention to the iPhone, says that the exploit writes the code to the heap, which has no special protection.

Instructions also exist on how to get access to the complete file structure of the iPhone under firmware version 1.1.1 and manipulate it. All that's required to do this is to create certain symbolic links before an upgrade to 1.1.1.

Finally, another vulnerability has been found in Mobile Safari, the iPhone's browser. McAfee says that Web sites can download files to the device without requiring confirmation, but they only tested iPhone firmware 1.0.2. The hole is also said to exist in the beta version 3.0.3 of Safari for Windows. Other browsers, such as Internet Explorer, warn users if Web sites try to store potentially executable files on their system.

The beta version of Safari also allows Web sites, or JavaScript running in the local context, to access external domains. That would, for example, give a script access to local data and enable it to send that data to the internet. The flaw has been found in Safari 3.0.2 for Windows. According to its discoverer, the exploit also works on iPhones with version 1.0.2. The current version has not yet been tested.
