/. wrote:Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than 'jailbreaking,' which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas." The attack was developed on version 2.0 of the iPhone software, and the researchers don't know if it will work when 3.0 is released.
Wow, sucks to be Apple with this coming out. Hopefully the researches did the right thing and reported it to Apple. If they didn't, boo on them.... if they did and Apple doesn't do something about it, boo on them!
Sabre (Julian) 92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
Charlie is a good guy, can't imagine that he didn't disclose first. My guess is its a vulnerability in a browser library, thats how they broke in the first summer the phone was out.
Jason "El Zorro" Fox '17 Subaru Forester 2.0XT
DCAWD - old coots in fast scoots.
ElZorro wrote:Charlie is a good guy, can't imagine that he didn't disclose first. My guess is its a vulnerability in a browser library, thats how they broke in the first summer the phone was out.
I don't know about the 'sploit personally, but I agree about Charlie.
