
When we think of a software bug, it is rarely in a positive light, so it may come as a surprise that one may lead to the unshackling of the iPod touch. The bug in question is found in MobileSafari, the version of Apple’s Safari browser that runs on the touch, and causes the browser to crash when a specially crafted TIFF image is loaded.
So how can an annoying crash lead to progress on third-party iPod touch development? It’s not easy, but such a crash sometimes results from something called a buffer overflow. A buffer overflow occurs when, due to a bug, a program writes past the end of a buffer into adjacent memory it was never meant to touch. Usually this just crashes the program, but with carefully arranged input it can lead to the execution of arbitrary code. In fact, buffer overflows in desktop software such as Microsoft’s Internet Explorer are popular attack vectors for viruses.
Buffer overflow bugs can also be used for good. The Sony Playstation Portable (PSP) enthusiast community used the very same TIFF image that causes the MobileSafari crash to run code via a bug in the PSP browser, unlocking the device and giving birth to a flourishing homebrew community.
Now, iPod touch and iPhone hobbyists are working to exploit this bug in order to achieve a jailbreak. They hope to bring the homebrew applications and interface mods that were developed for early versions of the iPhone software to the post-1.1.1 firmwares for both devices. While success is far from guaranteed, this is a promising development in what has so far been a futile hunt for a way to unlock the touch.
via ipodtouchfans
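To make the bug class above concrete, here is an added example (not code from the article or from the hobbyist projects it describes) of the defensive check a TIFF parser needs: a little-endian TIFF header and IFD validator in C that refuses to trust the file's own offset and count fields. The status names and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Parser result codes (hypothetical names, for this example only). */
enum tiff_status { TIFF_OK = 0, TIFF_TOO_SHORT, TIFF_BAD_MAGIC, TIFF_BAD_OFFSET, TIFF_BAD_COUNT };

/* Little-endian field readers; the "II" byte-order mark means little-endian TIFF. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate a little-endian TIFF header and its first IFD against the real
 * buffer length before any field is trusted. The IFD offset and entry count
 * come from the file, so each is checked against `len`; a malformed image is
 * rejected instead of steering a read or copy outside the buffer, which is
 * the bug class the article describes. On success the entry count is
 * returned through `entries_out`. */
enum tiff_status tiff_check(const uint8_t *buf, size_t len, uint16_t *entries_out)
{
    if (len < 8) return TIFF_TOO_SHORT;                   /* header: "II", 42, IFD offset */
    if (buf[0] != 'I' || buf[1] != 'I' || rd16(buf + 2) != 42) return TIFF_BAD_MAGIC;
    uint32_t ifd = rd32(buf + 4);
    if (ifd < 8 || ifd > len - 2) return TIFF_BAD_OFFSET; /* room for the 2-byte count */
    uint16_t count = rd16(buf + ifd);
    /* 12 bytes per entry plus a 4-byte next-IFD pointer; size_t math cannot wrap here. */
    size_t need = (size_t)count * 12u + 4u;
    if (need > len - ((size_t)ifd + 2)) return TIFF_BAD_COUNT;
    if (entries_out) *entries_out = count;
    return TIFF_OK;
}

/* Constructed samples: a minimal valid file with one ImageWidth entry, and the
 * same bytes with the entry count changed to 0xFFFF, far beyond the file size. */
const uint8_t tiff_good[26] = { 'I','I',42,0, 8,0,0,0, 1,0,
    0x00,0x01, 3,0, 1,0,0,0, 16,0,0,0, 0,0,0,0 };
const uint8_t tiff_bad_count[26] = { 'I','I',42,0, 8,0,0,0, 0xFF,0xFF,
    0x00,0x01, 3,0, 1,0,0,0, 16,0,0,0, 0,0,0,0 };

int main(void)
{
    uint16_t n = 0;
    printf("good: status %d, %u entries\n", tiff_check(tiff_good, sizeof tiff_good, &n), (unsigned)n);
    printf("bad count: status %d\n", tiff_check(tiff_bad_count, sizeof tiff_bad_count, NULL));
    return 0;
}
```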
I think this is exactly what we need to get the 3rd party apps a rollin.
October 4th, 2007 at 6:11 pm
I wonder how long the iPod touch will stay hackable before Apple releases yet another “upgrade” that will turn it into a brick.
October 4th, 2007 at 6:21 pm
Just a bit of a note: the exploit on the PSP didn’t use its browser, it used the built-in image viewer.
October 5th, 2007 at 5:01 am
Yes, this is an important bug, I think; they will make it! *hope*
October 5th, 2007 at 6:29 am
I think it’s a very bad idea to publish this stuff and how it’s done on websites until *after* it’s been cracked.
We really don’t want Apple “fixing the problem” before we’ve had a chance to get the key out of that firmware.
October 5th, 2007 at 10:35 am
Great, one problem: this should have been kept close to their chests. I foresee firmware 1.1.2 releasing next week. Notes to include: *bug fix.
October 5th, 2007 at 10:52 am
There is already a rumor that Apple will open up the iPhone and iPod touch to third-party apps (within limitations).
October 6th, 2007 at 12:22 pm
This doesn’t release any specific details, so there really is no reason to be afraid of Apple “fixing” this bug. In fact, Apple knows there may be potential buffer overflow hacks, especially with a browser.
October 7th, 2007 at 2:20 pm
New jailbreak method uses TIFF exploit says:
[...] we previously predicted, it is the TIFF bug in MobileSafari (which runs on both the iPod touch and the iPhone) that has led [...]
October 8th, 2007 at 5:00 pm
The Sony Playstation Portable (PSP) enthusiast community used the very same TIFF image that causes the MobileSafari crash to run code via a bug in the PSP browser
The TIFF exploits were run from the photo menu of the PSP and not the browser. I hope when I get a touch it still works, because Apple can make a security update just like the PSP, right?
October 20th, 2007 at 10:48 am