Jul 5, 2007

[Security] Insecure iPhone?

Insecure iPhone?

The bundled Safari browser in iPhone contains one of the vulnerabilities that was discovered in the Windows beta version of the said browser. This vulnerability allows for remote code execution in iPhone via Safari. No exploit is available yet.

Also, there seems to be a security problem with the Mail application for iPhone. According to this page:

There does not appear to be a way to turn off the rendering of inline images in Mail. This combined with the fact that it supports full HTML mail, has implications for possible exploits by viewing mail messages.

It remains to be seen if this "mistake" is exploitable. Inline images in HTML email had caused serious problems for Microsoft before (like the one addressed by Microsoft Security Bulletin MS04-028). Most email clients block/remove inline images by default; in the mail client for iPhone, it appears that the client does not block inline images, nor there is a way for the user to configure the client in such a way that inline images are blocked.

Wait, there's more.

In a report by The Register, Errata Security reported that a bug in iPhone's Bluetooth features can allow an attacker (by using a fuzzer) to lock the entire device.

And here's the cute part:

Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, "dottie" (minus the quotation marks). A second password for mobile access is "alpine."

Here's a wiki for those who are interested in iPhone hacks. Start hacking, folks. That is, if you have an iPhone.

(Exclusive to The Geeky Guide.)

No comments:

Post a Comment