82 Comments
- KevenM, on 10/10/2007, -1/+75
Unconfirmed news is so cool. Dugg for honesty.
- WarpFox, on 10/10/2007, -8/+63
UNCONFIRMED: ALIENS LAND IN MOSCOW, THOUSANDS DEAD
UNCONFIRMED: COTTON CLOTHING CAUSES AIDS
UNCONFIRMED: CAPS LOCK IS CRUISE CONTROL FOR COOL
- indiefan, on 10/10/2007, -1/+56
Just curious, why's it always tiff? Is there some inherent flaw in the way tiffs are displayed as opposed to other image formats?
- RedHerringHack, on 10/10/2007, -1/+30
And for the record, TIFF files can be compressed with LZW compression. Non-Lossy. There are TIFF tags that describe the pixels wide and high and pixel arrangement, pixel interleave, line interleave or separations. The TIFF reader reads these tags, prepares its buffers, then blows the buffers when there is more data than specified. Or any variation on this theme. To be honest, being one of the TIFF standards committee members, TIFF is too complex, tries to do too many things, please too many segments of the printing world. TIFF being so complex, and having to support all of these formats to be certified, programmers use the demo code, or write buggy incomplete implementations of the reader. Having written these myself, I can tell you that buffer management is a nightmare with TIFF images.
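
An added example, not part of the original comment and not code from any TIFF library: a C sketch of the length checks that keep a reader from running past the buffer it sized from the tags, the failure RedHerringHack describes above. The struct, the function names, the single 8-bit uncompressed strip and the 64 MiB cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the fields a reader pulls from TIFF tags. */
struct img_tags {
    uint32_t width;        /* ImageWidth */
    uint32_t height;       /* ImageLength */
    uint16_t samples;      /* SamplesPerPixel, 8 bits each in this sketch */
    uint32_t strip_bytes;  /* StripByteCounts for the single strip */
};

enum load_status { LOAD_OK = 0, LOAD_BAD_DIMS, LOAD_OVERSIZE, LOAD_TRUNCATED, LOAD_NOMEM };

#define MAX_IMAGE_BYTES ((size_t)64 * 1024 * 1024)  /* policy cap, assumed */

/* Size the pixel buffer from the tags, rejecting zero and overflowing products. */
static enum load_status pixel_buffer_size(const struct img_tags *t, size_t *out)
{
    if (t->width == 0 || t->height == 0 || t->samples == 0)
        return LOAD_BAD_DIMS;
    uint64_t n = (uint64_t)t->width * t->height;  /* 32 x 32 bits fits in 64 */
    if (n > MAX_IMAGE_BYTES / t->samples)
        return LOAD_BAD_DIMS;
    *out = (size_t)(n * t->samples);
    return LOAD_OK;
}

/* Copy one uncompressed strip; each declared length is checked before use. */
enum load_status load_strip(const struct img_tags *t, const uint8_t *file,
                            size_t file_len, size_t strip_off, uint8_t **pixels)
{
    size_t cap;
    enum load_status st = pixel_buffer_size(t, &cap);
    if (st != LOAD_OK)
        return st;
    if (t->strip_bytes > cap)              /* more data than the tags allow */
        return LOAD_OVERSIZE;
    if (strip_off > file_len || t->strip_bytes > file_len - strip_off)
        return LOAD_TRUNCATED;             /* strip runs past end of file */
    uint8_t *buf = calloc(1, cap);
    if (buf == NULL)
        return LOAD_NOMEM;
    memcpy(buf, file + strip_off, t->strip_bytes);
    *pixels = buf;
    return LOAD_OK;
}
```

The caller owns the returned buffer and frees it; a reader without the `LOAD_OVERSIZE` check is the one that "blows the buffers" when the strip carries more bytes than width x height x samples.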
- geminitojanus, on 10/10/2007, -0/+26
The code for TIFF files is extremely old, so much so that nobody really reviews it actively anymore. Thusly, everyone using the same, old TIFF code can be exploited by the same, ol' TIFF exploits. Nothing is inherently wrong with the format, it's the age-old, bit-rotting implementations.
- Dwarfthemike, on 10/10/2007, -1/+17
Why did people digg you down? I thought this was a valid question; one that I was curious about as well. Thanks for those who answered him.
- RatherDashing, on 10/10/2007, -1/+16
It's just a cat and mouse game....wonder how long until it's broken wide open for all firmwares like they did the PSP.
- johnhummel, on 10/10/2007, -1/+10
Damn it - now I have to change my cotton briefs. *****! Why didn't anyone tell me this earlier?
- Billions, on 10/10/2007, -3/+11
As if no one at Apple reads digg... SHHH! Don't tell THAT guy in the jeans and black shirt!
- l0ne, on 10/10/2007, -0/+8
This is going to be like the PSP -- find a bug, exploit, fix the bug, find another bug, exploit, fix the bug, ad libitum.
- UberFuzzy, on 10/10/2007, -0/+7
I think it's got something to do with the meta-data that CAN be stored in the files, and the parsing that has to be done to read it.
- Otto, on 10/10/2007, -1/+6
Generally speaking, when people need to display an image, they don't write code to read the image, parse the image, convert it to colors and pixels and then display the image. Instead, they use pre-written image manipulation libraries. A lot of these libraries are older, and some are really old since the image formats have been around forever and have not changed in a long time. So when an exploit is found for these libraries, the exploit tends to be everywhere and in everything.
In this case, nobody has modified TIFF in decades. Anything that displays TIFF files probably has a bug in it somewhere. Maybe. Unless they went to extraordinary lengths to correct it specifically. And it may not even be a bug in a library they used, they could have used a generic image manipulation library that happens to use the TIFF library itself. Code within code within code. Finding these sort of things before release can be really, really tough.
- wm666, on 10/10/2007, -2/+7
Hi. Guys. I can't believe there are so many people dugg this story... It's ... you know... it's amazing.... and unbelievable. Anyway... My dreamhost actually sucks right now... Any other recommendations for web hosting? Server will be back later. Thanks to all of diggers. No matter negative or positive comment about this.
- Swift2, on 10/10/2007, -0/+5
Is it true that the jailbreak depended on a security hole? And that meant that Apple HAD to patch it, right? If a hack depends on using a malcrafted TIFF to induce a buffer overflow, wouldn't that necessitate a slapdown?
To be clear, I think Apple should produce a real SDK and open things up to third parties. And if you want to unlock it for other providers, I guess you have to do without future system updates, that is, they should make sure that iTunes asks you if you want the next update, and warn you that it will either brick your hacked phone or restore it to AT&T. So then you could keep it as a functioning phone, only not upgradeable. Until somebody hacks the update process.
- Protoss, on 10/10/2007, -1/+6
You guys know the PSP scene used the same exploit a few times to get past Sony's homebrew locking, and nothing malicious has come of it. How is the iPhone THAT different?
- blatzkowitz, on 10/10/2007, -1/+6
TIFFs can hold multiple images and data in a single file. There is also no compression involved.
- carvsdriver, on 10/10/2007, -0/+4
You do realize that you can replace the screen yourself for like $50 right?
- modusop, on 10/10/2007, -0/+4
Which one? Steve or the iPhone guy? or the iPod touch guy? or the iLife guy? It appears that everyone who works at Apple dresses the same anymore.
- timeshifter, on 10/10/2007, -1/+5
"iPod Touch Dev Team has discovered the old malformed TIFF exploit in iPhone 1.0.2 and 1.1.1 to crash."
WTF? Can anyone write ***** English anymore?
I was going to try to rewrite it but I'm not sure exactly what they're trying to say.
- kingkilr, on 10/10/2007, -1/+4
Oh no, caps lock is definitely cruise control for cool
/is not cool :(
- niviche, on 10/10/2007, -0/+3
If this is actually a security exploit, it would be very unsurprising that Apple doesn't fix it with its next update. They should, but it will break (again) all the unlocking & co developed in the meantime.
- tnoy, on 10/10/2007, -1/+4
Homebrew software should be less of a concern. If this is really just an exploit in how mobile safari deals with tiff files, to then run malicious code, this could be potentially serious. Especially combined with (from what I've read) the iPhone apps running as root. The iPhone will also be a bigger target than the PSP, seeing as though virtually all iPhone users will be using the internet through the app that will be the delivery mechanism for the malicious code itself.
root + malicious code = very bad.
- zbeast, on 10/10/2007, -0/+3
Apple I want my applications back... I don't care about switching carriers but I do care about not being able to add my own applications
to the phone. If the phone breaks, so be it. You don't have to support me. You want your consumers to throw these devices away anyway rather than get them repaired when the batteries no longer charge. Let me take what is an effectively a over priced music player with a phone and make it useful.
I hope someone is able to crack this sucker back open.
I call on you to set my iPhone free.
- bjarkebech, on 10/10/2007, -0/+3
Go dev team!
- TechCF, on 10/10/2007, -1/+4
TIFF is a container file, like avi. Not a simple picture format.
- tokyomonster, on 10/10/2007, -4/+6
OMGZ HAHAHA YOU MADE AN IPHONEZ JOKE ABOUT HOW PEOPLE LIKE TEHIR IPHONES LEZ B FRENDZ
/sigh. ***** children.
- inactive, on 10/10/2007, -1/+3
UNCONFIRMED: iPhone 1.1.666.11.45..3.2 exploit will make your impotent
- Rethcir, on 10/10/2007, -0/+2
If I discovered an iPhone 1.1.1 exploit, I would be so happy
- diggitydank, on 10/10/2007, -0/+2
Man, my blocked list is getting long.
- Otto, on 10/10/2007, -0/+2
TIFF is indeed a container format, however older versions of libtiff have exploitable code. Basically a buffer overrun if you create a malformed TIFF in the right way.
- tnoy, on 10/10/2007, -3/+5
I wonder how long it will be before someone starts trying to use this maliciously.
- EXTER, on 10/10/2007, -0/+2
Not anymore, with the Pandora's Battery, every single PSP can get a custom firmware.
- sitric, on 10/10/2007, -0/+1
True
- lsmaster, on 10/10/2007, -0/+1
loled hard at this.
- lsmaster, on 10/10/2007, -0/+1
You suck.
- inactive, on 10/10/2007, -0/+1
go away!!
- Hockey37, on 10/10/2007, -1/+2
I don't wanna know where you're going to stick the bluetooth dongle.
- ilgaz, on 10/10/2007, -0/+1
"Let me take what is an effectively a over priced music player with a phone and make it useful."
Why didn't you buy a device with a real OS with SDK such as Nokia N95? They are similarly priced. I try to understand but I really can't understand why people needing 3rd app support buying iPhone.
- ilgaz, on 10/10/2007, -0/+1
Any Technical users also owning Sony PSP? I bet they are smiling now.
PSP had a TIFF exploit and thanks to that exploit, lots and lots of homebrew software shipped for PSP.
It is amazing how similar are both devices. There are people saying "I will _BUY_ 3rd party software if you make available" to Sony but Sony won't listen and plays cat and mouse game with those free software developers. Another similarity is: There are thousands of PSPs with outdated firmware just because people want to customise their PSP with 3rd party software.
Didn't Apple learn a single thing from their Sony friends?
- diggboy101, on 10/10/2007, -0/+1
P'shaw..i bought my impotent premade from walmart
- missingnoh4x, on 10/10/2007, -0/+1
I might do that, it depends on whether anything happens with the touch soon. WiFi and a multitouch screen would be extremely useful, but it won't be worth it if nobody cracks it.
- craterburnsu, on 10/10/2007, -1/+2
They may have found a way to crash the phone, that is not an exploit. An exploit is going to be a solid piece of code to exploit the device to do something, for now this is just a way to cause the phone to crash, which is a good start.
- cleverboy, on 10/10/2007, -0/+1
@Bootes
People should be a LOT more concerned about security holes than unauthorized apps. Period.
- phoenixone, on 10/10/2007, -0/+1
I don't know how about you but I am getting very tired of all these stories about iPhone.
I switch TV I see iPhone,
I open newspaper (not MAC related) I see iPhone
I go on the road I see iPhone ad
I open Mac Magazine iPhone all over
I am just afraid to open fridge or wardrobe!!
- MacParrot, on 10/10/2007, -1/+2
No, he's just buried for being an unoriginal ass...yet again
- cleverboy, on 10/10/2007, -0/+1
Exactly. root + web browser + useragent + redirect + malicious code = very very bad.
Considering the same bug should exist on 1.02, it's even worse for them (other flaws make much more possible).
Safari crashes enough that you wouldn't know if the crash was even an exploit or not.
Then it's too late, and your address book is being uploaded over WiFi.
2 days later "Sent from my iPhone" messages go out to your
address book emails without your knowledge... with an attachment.
The iPhone is in an entirely different league than the PSP, if you're honest about it.
ZERO-DAY.
- ferrell, on 10/10/2007, -0/+1
"(The) iPod Touch Dev Team (which is the crack team of developers working to open up the iPhone to allow for 3rd party development) has discovered the old malformed TIFF exploit (The 'malformed TIFF exploit' is a commonly used method for taking advantage of a chink in the armor of commonly reused TIFF code. This same method was used to crack the PSP) in iPhone (firmwares versions) 1.0.2 and 1.1.1 to crash (and allow for the theoretical execution of non-apple software)."
- cleverboy, on 10/10/2007, -0/+1
Actually, unconfirmed means it's not a RUMOR, it's been seen, carefully explained, but is as yet UNCONFIRMED. See the difference? If you don't, don't hurt yourself.
- ilgaz, on 10/10/2007, -0/+1
I am afraid of the fact that there were many trojans shipped for PSP promising some great feature or openness.
Trojan in its real meaning. Not a virus, not a worm but trojan.
- dontaskagain, on 10/10/2007, -0/+1
If Apple did nothing to stop this I'm pretty sure it would mean repercussions from AT&T. I expect they are between a rock and a hard place on this one. A poor move to sign up for 2 years exclusivity I say, letting AT&T have an influence in how Jobs does business must be a pain in the arse for him. But what do I know..