Flaw in MobileSafari may lead to jailbreak

When we think of a software bug, it is rarely in a positive light, so it may come as a surprise that one may lead to the unshackling of the iPod touch. The bug in question is found in MobileSafari, the version of Apple’s Safari browser that runs on the iPod touch, and causes the browser to crash when a specially crafted TIFF image is loaded.
So how can an annoying crash lead to progress on third-party iPod touch development? It’s not easy, but such a crash is sometimes the symptom of something called a buffer overflow. A buffer overflow occurs when, due to a bug, a program writes past the end of a fixed-size buffer into adjacent memory it was never meant to touch. Usually this will just cause the program to crash, but if the overwrite is crafted carefully it can lead to the execution of arbitrary code. In fact, buffer overflows in desktop software such as Microsoft’s Internet Explorer are popular attack vectors for viruses.
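To make the bug class concrete from the defender’s side, here is an added illustration (not code from the article, and not Apple’s or anyone’s real TIFF parser). It models the shape of the mistake: an image file carries a length field, and a parser copies that many bytes into a fixed-size buffer while trusting the length it just read. The record layout, the 16-byte field limit and the sample records are all constructed for this example; the hardened version shows the two checks a parser needs before the copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy record, loosely shaped like a TIFF directory entry:
 *   byte 0: tag id
 *   byte 1: declared payload length
 *   bytes 2..: payload
 * This is NOT the real TIFF format; it exists only to show the bug class. */

#define FIELD_MAX 16

/* Vulnerable pattern: trusts the length byte found in the file. If the
 * declared length exceeds FIELD_MAX, memcpy writes past the end of `out`
 * into adjacent memory, which is the buffer overflow the article describes.
 * Only ever call this with a record that has already been validated. */
size_t copy_field_unchecked(const uint8_t *rec, uint8_t out[FIELD_MAX])
{
    size_t n = rec[1];
    memcpy(out, rec + 2, n); /* no bounds check on n */
    return n;
}

/* Hardened pattern: validates the declared length against both the
 * destination buffer and the bytes actually present in the record.
 * Returns the number of bytes copied, or -1 if the record is malformed. */
int copy_field_checked(const uint8_t *rec, size_t rec_len, uint8_t out[FIELD_MAX])
{
    if (rec == NULL || rec_len < 2)
        return -1;               /* header truncated */
    size_t n = rec[1];
    if (n > FIELD_MAX)
        return -1;               /* would write past the end of out[] */
    if (n > rec_len - 2)
        return -1;               /* payload shorter than declared: would read past rec */
    memcpy(out, rec + 2, n);
    return (int)n;
}

/* Constructed sample records. */
static const uint8_t good_rec[]      = {0x01, 0x04, 'a', 'b', 'c', 'd'};      /* declares 4, has 4 */
static const uint8_t oversized_rec[] = {0x01, 0xFF, 'x', 'x'};                /* declares 255 bytes */
static const uint8_t truncated_rec[] = {0x01, 0x08, 'a', 'b'};                /* declares 8, has 2 */

/* Wrappers that run each record through the parser and report the result. */
int demo_good(void)
{
    uint8_t out[FIELD_MAX] = {0};
    return copy_field_checked(good_rec, sizeof good_rec, out);           /* 4 */
}

size_t demo_unchecked_good(void)
{
    uint8_t out[FIELD_MAX] = {0};
    return copy_field_unchecked(good_rec, out);                          /* 4 */
}

int demo_oversized(void)
{
    uint8_t out[FIELD_MAX] = {0};
    return copy_field_checked(oversized_rec, sizeof oversized_rec, out); /* -1 */
}

int demo_truncated(void)
{
    uint8_t out[FIELD_MAX] = {0};
    return copy_field_checked(truncated_rec, sizeof truncated_rec, out); /* -1 */
}

int main(void)
{
    printf("well-formed record: checked=%d unchecked=%zu\n", demo_good(), demo_unchecked_good());
    printf("oversized length:   checked=%d (rejected before the copy)\n", demo_oversized());
    printf("truncated payload:  checked=%d (rejected before the copy)\n", demo_truncated());
    return 0;
}
```

The unchecked routine is never fed the oversized record here, because doing so is undefined behaviour; the point is that the checked version refuses it before a single byte is copied. Note the second check too: a length that fits the destination can still exceed what the file actually contains, which turns a write overflow into an out-of-bounds read.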
Buffer overflow bugs can also be used for good. The Sony Playstation Portable (PSP) enthusiast community used the very same TIFF image that causes the MobileSafari crash to run code via a bug in the PSP browser, unlocking the device and giving birth to a flourishing homebrew community.
Now, iPod touch and iPhone hobbyists are working to exploit this bug in order to achieve a jailbreak. They hope to bring the homebrew applications and interface mods that were developed for early versions of the iPhone software to the post-1.1.1 firmwares for both devices. While success is far from guaranteed, this is a promising development in what has so far been a futile hunt for a way to unlock the touch.
via ipodtouchfans
I think this is exactly what we need to get the 3rd party apps a rollin.
I wonder how long the iPod touch will stay hackable before Apple releases yet another “upgrade” that will turn it into a brick.
Just a bit of a note, the exploit on the PSP didn’t use its browser, it used the built-in image viewer.
yes, this is an important bug I think, they will make! *hope*
I think it’s a very bad idea to publish this stuff and how it’s done on websites until *after* it’s been cracked.
We really don’t want Apple “fixing the problem” before we’ve had a chance to get the key out of that firmware.
Great, one problem, this should have been kept close to their chests. I foresee firmware 1.1.2 releasing next week. Notes to include *bug fix
There is already a rumor that Apple will open up the iPhone and iPod touch to third party apps. (within limitations.)
This doesn’t release any specific details, so there really is no reason to be afraid of Apple “fixing” this bug. In fact, Apple knows there may be potential buffer overflow hacks especially with a browser.
[...] we previously predicted, it is the TIFF bug in MobileSafari (which runs on both the iPod touch and the iPhone) that has led [...]
The Sony Playstation Portable (PSP) enthusiast community used the very same TIFF image that causes the MobileSafari crash to run code via a bug in the PSP browser
The TIFF exploits were run from the photo menu of the PSP and not the browser. I hope when I get a touch it still works, because Apple can make a security update just like the PSP right?