digg

Facebook Connect Join Digg About

iPhone 1.1.3 Prep is a Malicious File! DO NOT INSTALL

modmyifone.com Do not try installing the 1.1.3 iPhone Prep, it will do nothing on install, and on uninstall it will remove 20+ binaries (mostly those of Erica Sadun's utilities) from your iPhone's /bin/ dir

Who dugg this? Made popular Jan 6, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

125 Comments

show profanity settings
expand all
  • mavantix, on 01/06/2008, -3/+114When I was 11, I was downloading porn from BBS's. What is wrong with 11 years olds these days? He wouldn't be writing iPhone malware if he was still waiting for his GIF to zmodem download on a non multitasking OS. Just look what high speed internet and easily accessible high quality porn has done.
  • zweben, on 01/06/2008, -10/+85OS X is resistant to malware that installs itself. No platform is immune to malware that takes advantage of social engineering to get installed, simply because it is very difficult for software to tell the difference between an action that the user wants to do and an action that the user was tricked into doing.

    The only ways I can think of to fight malware that relies on social engineering are to educate the users so they know what sources not to trust, and an OS that is able to identify actions that would cause harm to other software and block them, which I don't think we will have for quite some time.
  • Luminoth, on 01/06/2008, -1/+70Nice work validating Apple's reasoning for wanting to keep the thing locked up. ***** moron kids.
  • smurf22, on 01/06/2008, -4/+51The dumb ass 11 year old copied some code mucked with it, and probably thought hey cool I created something malicious. It will be so funny if I brick peoples phones.

  • inactive, on 01/06/2008, -3/+43"it will do nothing on install, and on uninstall it will remove 20+ binaries" more like DO NOT UNINSTALL
  • DiggLive, on 01/06/2008, -88/+120But... the iPhone runs OSX and everyone knows OSX is immune to malware.
  • hotsoda, on 01/06/2008, -5/+33You're installing binary files that have the power to muck with the entire operating system. This is the very thing Apple wanted to take care of when they announced their official SDK.
  • dansmeek, on 01/06/2008, -1/+23all he did was use some xml code. he didn't actually make any binaries.
    some people have some code called "erica's utilities" which i believe are some terminal commands and whatnot.
    the kid used a binary of one of the earlier releases of erica's utilities and used some XML code to make the installer say "1.1.3 prep" and then link to a mirror of an old installer code. i'm wondering if the kid had any idea he was doing something malicious and possibly was just trying to show off to his friend "look i made an iphone program."
    this file is not as malicious as it sounds... it simply causes erica's utilities to stop working, as when you "uninstall" this program it will "uninstall" erica's utilities but installer will still think they are installed.... thus you will have an icon that has no program linked to it.
  • virtualball, on 01/06/2008, -1/+22Seriously, this isn't OSX's fault, it's the idiots who install unknown apps. I could easily open Terminal and write "sudo rm -rf /" if I wanted to, but that's not a virus, that's an idiotic action. This is why I only installed the community sources on my iPhone, if I need another app, I'll sftp it to my phone ;)
  • greenlight2001, on 01/06/2008, -2/+19Our mistake... it's your penis-like clitoris that threw us off... sorry.
  • NSMike, on 01/06/2008, -0/+15It amazes me that people expect Apple to cure ignorance.
  • directive0, on 01/06/2008, -3/+18Yeah Digglive, the Install app is unsigned and unlicensed third party program. The only way you can get to this step is if you jalibreak your phone, which is exactly what they don't want you to do. You really can't chide Apple for this when its situations just like this that they touted as the reason for the whole "closed" system on the iPhone. The stock iPhone firmware is completely 100% impervious to malware, and in comparison to a jailbroken phone, a fair bit less usefull.

    And all it does is remove non essential third party files.
  • Gaulven, on 01/06/2008, -1/+13You had ZMODEM? When I was that age we just had XMODEM... and we loved it!
  • happyseamonster, on 01/06/2008, -0/+12In other news: Intuit announced Quicken for the iPhone.
  • sspooner, on 01/06/2008, -4/+15What a jackass. Apparently his phone number is valid on his domain registration, I dare say his address is too.

  • kreatre2007, on 01/06/2008, -9/+19eh... I never install anything on my iPhone that doesn't come from Apple anyway. When Apple releases the SDK for the iPhone, then it will be safer to install third party stuff.
  • gsadamb, on 01/06/2008, -2/+10When I was 11, I got grounded for staying up too late or watching movies I wasn't supposed to. Not for writing malicious code!
  • happyseamonster, on 01/06/2008, -2/+9You know what homophobia really means don't you? It's Ok to be yourself. It's OK, really. Go ahead cry on my shoulder. No, not my lap, my shoulder. Ok, that's enough. Go back to your uncle.
  • PathDaemon, on 01/06/2008, -0/+7No, that was a rare but serious vulnerability — which is why Apple's next update resolved it, and why the community jumped in to provide fixes in the mean time.
  • literaryCop, on 01/06/2008, -3/+10Thanks to DeathHobbit and francis on mmi for pointing this out
  • TheWorm, on 01/06/2008, -0/+6Please take your dumbass comments elsewhere...Youtube perhaps. We don't want you.
  • igeoffi, on 01/06/2008, -2/+8digg down. :(
  • LiquidFusion, on 01/06/2008, -1/+7Chyna? Is that you?
  • Mike89, on 01/06/2008, -2/+8What about the TIFF exploit used to jailbreak the iPhone? Does that count?
  • PathDaemon, on 01/06/2008, -0/+5Looks like someone's never encountered spam, viruses, or tubgirl.
  • PathDaemon, on 01/06/2008, -1/+6What's worse is that Installer.app lets packages effortlessly state what they want to happen on install and uninstall (in shiny XML). That's great for legit developers, but can be abused so easily... maybe this is why Apple's never included an uninstall feature in their OSs: letting a program define its own removal is a too-easy entry point for malware.
  • Nuhaus, on 01/06/2008, -2/+7Thinking he's somewhere around the planet Sarcasm.
  • damnyooneek, on 01/06/2008, -2/+6been using osx for years and haven't run into anything. no virus or security program except a firewall. even when i click yes on the spyware/malware pop ups all i get is a blank file on my desktop. i love it.
  • m1ss1ontomars, on 01/06/2008, -0/+4I'm not too sure myself, not being lucky enough to own an iPhone, but it doesn't seem as though this bit of malware is harming any of the ORIGINAL OS X, just stuff people have installed...am I wrong?
  • zweben, on 01/06/2008, -3/+7With the lame commercials that say what? They claim that OS is immune to all malware? They claim that OS X cannot be damaged by a user intentionally installing something that would cause harm? I doubt it.
  • happyseamonster, on 01/06/2008, -2/+6If somebody tells someone to throw their computer out the window and they do it is that a OS vulnerability? There's all kinds of stupid things users may do to their computers. You know, like installing Quicken or Office.
  • waluigi14, on 01/06/2008, -1/+5It's "OS X", not "OS-X". But yes, allowing apps to run as root is dangerous (of course, it wasn't designed to run 3rd party apps in the first place, hence the running as root).
  • blergle, on 01/06/2008, -1/+5We need a name for such things to help people deal with them better in the future - oh wait we do!

    It's called a TROJAN! First trojan for the iPhone!
  • aussiedigger, on 01/06/2008, -0/+3100% impervious?

    Famous last words.
  • SigmaDraconis, on 01/06/2008, -7/+10YHBT. http://www.youtube.com/watch?v=cIpIAX78gig
  • JackondaRocks, on 01/06/2008, -3/+6You better be sarcastic cause if not, you're an idiot.
  • Firehed, on 01/06/2008, -1/+4Actually, the stock iPhone firmware (at least up through 1.1.1) had an image rendering exploit that allowed the easiest jailbreaking ever by using it for "good". Any malicious person could just as easily have used the same exploit to rm -rf / and murder the phone.

    The only real issue with the jailbroken phones is that applications are effectively running as root, or can do so very easily if you haven't changed the stock root password. Apple could (and may very well) change the permissions in /Applications so that only the root user has access to that folder and force all apps to have their data somewhere else - basically how it's already done but without the permission model.

    In honesty, it's a risk with pretty much any program. You can install the thing legitimately and it could still be malicious. How much damage it can do varies by the system's file permissions and whether the user authenticates if it runs up against a permissions check. Look at programs like AppZapper - they're DESIGNED to completely trash applications, and you don't have to authenticate to run or use them (though if it automatically tried to empty the trash, that may not be the case). In that case, it's being used for good. Without escalating permissions, the damage any program can do is relatively limited - but if you then go ahead and type in the root password, there's no limit to the damage done.
  • bjtitus, on 01/06/2008, -1/+4The iPhone 1.1.1 firmware had a OneTouch prep to give the upgraded 1.1.2 firmware a backdoor so it could be rehacked. Preps are there in order to allow for hacking the upgraded firmware.
  • Typhoon2009, on 01/06/2008, -12/+15I don't have an iPhone but I'd imagine that I'd be pissed if this happened to me... dugg
  • JoeDiggsIt, on 01/06/2008, -0/+3Ok, wukillabee, you showed up a few days ago and haven't gotten a comment over 0, so please, please, GTFO OFF MY DIGG.
  • pyrates, on 01/07/2008, -0/+3Not anymore with Vista. Now it's about privilege escalation, which OS X is vulnerable to as well. Any OS is when it is designed in that model.
  • PathDaemon, on 01/06/2008, -0/+3If you have to ask, then I must confirm that no, you do not have one — please do not attempt to reproduce.
  • snax, on 01/06/2008, -0/+3You probably should read other news - Digg (however great) is heavily skewed towards technology and stories for entertainment. Fun, but ultimately unimportant. I do like the political slant though, heh.
  • richardhenry, on 01/06/2008, -0/+3@daza We refer to exploits that affect Mac OS X. Although yes, it wasn't the first (or last) time that it is possible to inject code into a TIFF render.
  • kiwimonk, on 01/06/2008, -0/+3I don't have an Iphone, but I appreciate alerts of malicious stuff being posted on digg! Since I don't read any other news.. Thanks!
  • nfxmedia, on 01/06/2008, -0/+2Unfortunately, those are the ones who do.
  • Blackforge, on 01/06/2008, -0/+2Oh yeah? I used Kermit! KERMIT I say!

    Well on my first dialup to a University Internet connection to a VAX/VMS server before they started doing PPP.
  • inactive, on 01/06/2008, -0/+2figured it was a matter of time before someone put a malware program in the iphone repositories
  • blergle, on 01/07/2008, -0/+2iPhone security model is basically 'Windows 95'. Any app can do anything.
  • VSLOATHE, on 01/07/2008, -0/+2What if you're a cross between 2 and 3? I'm a FOSS developer who owns an iPhone.
  • Fetching more discussions...
    Show 51 - 100 of 120 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.