
PowerFullMac (original poster)
For those of you waiting for the iPod Touch jailbreak, the waiting could be over very soon! A TIFF exploit, the very same used with the PSP, has been discovered in Safari, and has already been used to execute code!

LINKAGE!
 
iPod touch and iPhone 1.1 Officially hacked

Not long now before a jailbreak app. A TIFF exploit has been run which allows the touch to run unsigned code, which means it's now hacked.
 
It's only a possible opening at this point.

It is a very promising development, but by no means is it 100% for sure gonna lead to a jailbreak.

Right now they are trying to use the exploit to, well, here's their words:

http://www.touchdev.net/wiki/TIFF_Exploit

Currently the Dev Team is working on a proof of concept which will hopefully lead to a jailbreak. The problem they are facing is writing a payload using raw ARM opcode without causing Safari to crash.
The eventual target is to modify /etc/fstab so that /media will be mounted without the noexec flag. This should allow another payload to execute arbitrary code without being restricted to a maximum size around the 50 byte mark.

They have to be able to deliver code via the buffer overflow, without causing Safari to crash, otherwise the code won't run. The code has to be small, but it may be enough to then lead to another 'payload' that won't be restricted in size and can really do some damage... ;)
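The post above describes the noexec mount flag on /media as the thing standing between a tiny first-stage payload and an unrestricted second stage. The check a defender would want is the opposite direction: confirm that user-writable mounts in /etc/fstab carry noexec, and add it where it is missing. The following is an added example, not code from the thread or from the Dev Team; the fstab lines are constructed samples in the layout the thread talks about, and device names and option lists are assumptions, not copied from a real device.

```python
# Audit /etc/fstab for writable mount points that lack the noexec option,
# and produce a hardened copy. Added example; sample fstab text is constructed.

# Constructed weak configuration: /media is writable and executable.
FSTAB_WEAK = """\
# device        mountpoint  type  options            dump pass
/dev/disk0s1    /           hfs   ro                 0    1
/dev/disk0s2    /media      hfs   rw,nosuid,nodev    0    2
"""

# Mount points the audit cares about (assumption for this example).
USER_WRITABLE = {"/media"}


def parse_fstab(text):
    """Yield (device, mountpoint, fstype, option_set) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:                      # fstab needs at least 4 fields
            continue
        dev, mnt, fstype, opts = fields[:4]
        yield dev, mnt, fstype, set(opts.split(","))


def mounts_allowing_exec(text, writable_mounts):
    """Return the mount points in writable_mounts that are rw and lack noexec."""
    return sorted(
        mnt for _dev, mnt, _fstype, opts in parse_fstab(text)
        if mnt in writable_mounts and "rw" in opts and "noexec" not in opts
    )


def harden(text, mounts):
    """Return a copy of the fstab text with noexec appended for the given mount points."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        is_comment = raw.lstrip().startswith("#")
        if not is_comment and len(fields) >= 4 and fields[1] in mounts:
            opts = fields[3].split(",")
            if "noexec" not in opts:
                opts.append("noexec")
                fields[3] = ",".join(opts)
            out.append(" ".join(fields))     # rewritten line, single-space separated
        else:
            out.append(raw)                  # comments and other lines pass through unchanged
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("executable writable mounts:", mounts_allowing_exec(FSTAB_WEAK, USER_WRITABLE))
    print(harden(FSTAB_WEAK, USER_WRITABLE))
```

Running it on the constructed sample reports /media as writable without noexec, and the hardened copy carries rw,nosuid,nodev,noexec on that line. On a real system the same check is what a post-update verification script would run; mount(8) output should agree with the file, since an fstab entry only describes what will be mounted at boot.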
 
Seriously, it seems like TIFF exploits are the easiest exploits to find. This started the whole underground hacked firmware PSP scene, this has been done on PS3 firmware before, and now we got it on the iPod. Not surprising at all really, although you would think developers would start getting wise about this and prevent this from the get go.
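The post above asks why TIFF parsers keep turning up with overflows. The structural reason is that a TIFF file is a chain of directories (IFDs) full of attacker-supplied counts and offsets, and a parser that trusts any of them reads or writes past its buffer. The following added example, which is not code from the thread or from any of the parsers it mentions, is a defensive TIFF structure checker: it walks the IFD chain and refuses files whose offsets or field sizes fall outside the data. The sample files are constructed inline; the 64-IFD cap is an assumption of this example, not a limit from the TIFF specification.

```python
# Bounds-checking walk of a TIFF file's IFD chain. Added example; sample files constructed below.
import struct

# Byte size of each TIFF 6.0 field type (BYTE, ASCII, SHORT, LONG, RATIONAL, SBYTE, UNDEFINED,
# SSHORT, SLONG, SRATIONAL, FLOAT, DOUBLE).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
ENTRY_SIZE = 12
MAX_IFDS = 64   # assumed cap for this example, guards against endless IFD chains


def check_tiff(data: bytes) -> list:
    """Return a list of structural problems; an empty list means every IFD and field is in bounds."""
    problems = []
    size = len(data)
    if size < 8:
        return ["file shorter than the 8-byte TIFF header"]
    order = data[:2]
    if order == b"II":
        end = "<"
    elif order == b"MM":
        end = ">"
    else:
        return ["bad byte-order mark %r" % order]
    magic, ifd_offset = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        problems.append("bad magic %d" % magic)
    seen = set()
    while ifd_offset != 0:
        if ifd_offset in seen:                       # cycle in the IFD chain
            problems.append("IFD chain loops back to offset %d" % ifd_offset)
            break
        if len(seen) >= MAX_IFDS:
            problems.append("more than %d IFDs" % MAX_IFDS)
            break
        seen.add(ifd_offset)
        if ifd_offset + 2 > size:                    # count field itself out of bounds
            problems.append("IFD offset %d points past end of file (%d bytes)" % (ifd_offset, size))
            break
        (count,) = struct.unpack(end + "H", data[ifd_offset:ifd_offset + 2])
        entries_start = ifd_offset + 2
        entries_end = entries_start + count * ENTRY_SIZE
        if entries_end + 4 > size:                   # entries plus next-IFD pointer must fit
            problems.append("IFD at %d declares %d entries, which runs past end of file" % (ifd_offset, count))
            break
        for i in range(count):
            off = entries_start + i * ENTRY_SIZE
            tag, ftype, fcount, value = struct.unpack(end + "HHII", data[off:off + ENTRY_SIZE])
            tsize = TYPE_SIZES.get(ftype)
            if tsize is None:
                problems.append("tag %d: unknown field type %d" % (tag, ftype))
                continue
            nbytes = fcount * tsize   # Python ints never overflow; a C parser must check this multiply
            if nbytes > 4 and value + nbytes > size:  # values over 4 bytes live at 'value' as an offset
                problems.append("tag %d: %d bytes at offset %d exceed file size %d" % (tag, nbytes, value, size))
        (ifd_offset,) = struct.unpack(end + "I", data[entries_end:entries_end + 4])
    return problems


def _entry(tag, ftype, count, value):
    """Pack one little-endian IFD entry (helper for the constructed samples)."""
    return struct.pack("<HHII", tag, ftype, count, value)


# Constructed well-formed file: header, one IFD with ImageWidth/ImageLength SHORT tags, no next IFD.
GOOD_TIFF = (b"II" + struct.pack("<HI", 42, 8)
             + struct.pack("<H", 2)
             + _entry(256, 3, 1, 4) + _entry(257, 3, 1, 4)
             + struct.pack("<I", 0))

# Constructed malformed file: the StripOffsets entry claims 0xFFFFFFFF RATIONAL values at offset 8,
# far more than this 38-byte file can hold.
BAD_TIFF = (b"II" + struct.pack("<HI", 42, 8)
            + struct.pack("<H", 2)
            + _entry(256, 3, 1, 4) + _entry(273, 5, 0xFFFFFFFF, 8)
            + struct.pack("<I", 0))

# Constructed file whose first IFD offset points beyond the end of the data.
TRUNCATED_TIFF = b"II" + struct.pack("<HI", 42, 4096)

if __name__ == "__main__":
    for name, blob in (("good", GOOD_TIFF), ("bad", BAD_TIFF), ("truncated", TRUNCATED_TIFF)):
        print(name, check_tiff(blob))
```

The checker accepts GOOD_TIFF and rejects the other two with a message naming the offending offset or tag. The point it makes for the post above is that every size a TIFF parser uses comes from the file: the fix for the class of bug is to validate count times type size against the remaining bytes (and against integer overflow in C) before any allocation or copy, not to special-case the one tag that was last found vulnerable.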
 
Hmm ... buffer overflow allowing execution of arbitrary code. Sound familiar?

Anyone who doesn't update after Apple fixes this is crazy. You'll be leaving a security hole wide open.

Using vulnerability exploits to get third party apps working is also crazy. Wait till Apple opens the iPhone.
 
I think actually making use of this exploit takes more work though.

All the exploit will likely do is open a tiny crack that will allow a user to proactively jailbreak their Touch/iPhone (meaning an active step must be taken by the user to actually jailbreak or otherwise modify the unit.)

The exploit won't overwrite any flash ROM, that's why they have to come up with a way to load code without crashing the browser. Because if the browser crashes, any possible exploit is wiped out.

I don't know that the TIFF exploit has ever been used on another browser to load a bunch of code and run it on a machine, otherwise you'd think hackers would try to mess with people's PSPs.
 
Hmm ... buffer overflow allowing execution of arbitrary code. Sound familiar?

Anyone who doesn't update after Apple fixes this is crazy. You'll be leaving a security hole wide open.

Using vulnerability exploits to get third party apps working is also crazy. Wait till Apple opens the iPhone.


What are they going to do, steal my phone number and billing information.. It is an iPod.
 
Anyone who doesn't update after Apple fixes this is crazy. You'll be leaving a security hole wide open.

Using vulnerability exploits to get third party apps working is also crazy. Wait till Apple opens the iPhone.

They will not be opening the iPhone or iPod for a long time, if ever. This is very good news if it is able to be used, and if this firmware gets hacked I will not update until the next version is hacked.
 
They will not be opening the iPhone or iPod for a long time, if ever. This is very good news if it is able to be used, and if this firmware gets hacked I will not update until the next version is hacked.

As a PSP owner, where firmware updates patch and disable homebrew, I am not updating my firmware on my iPt.
 
What are they going to do, steal my phone number and billing information.. It is an iPod.

I don't think you've thought this through. It's an iPod-only now because there are no third party apps.

So, say the iPod Touch hackers working on this find a way of using a buffer overflow to install third party apps. You like the idea of having a small tablet-like device (who doesn't) and you find some very useful PDA-type apps.

Apple fixes the exploit. You don't update your iPod because you don't want to lose your third party apps. Suddenly, every iPod touch that has working third party apps also has the exploit through which arbitrary code can be run. All the information you've put on your iPod is now vulnerable.
 
I know I probably sound daft, but what does this actually all mean? We can add our own applications on the iPod touch?
 
I don't think you've thought this through. It's an iPod-only now because there are no third party apps.

So, say the iPod Touch hackers working on this find a way of using a buffer overflow to install third party apps. You like the idea of having a small tablet-like device (who doesn't) and you find some very useful PDA-type apps.

Apple fixes the exploit. You don't update your iPod because you don't want to lose your third party apps. Suddenly, every iPod touch that has working third party apps also has the exploit through which arbitrary code can be run. All the information you've put on your iPod is now vulnerable.

And you'd have to open a TIFF that opens you to attack. I don't see a high risk here.
 
And you'd have to open a TIFF that opens you to attack. I don't see a high risk here.

Yeah, luckily no one does things like that right now on their PCs, or their machines would be infested with ... what do you call them? ... viruses and spyware.
 