iPod touch TIFF exploit!!!!!!!

Discussion in 'iPod touch' started by PowerFullMac, Oct 4, 2007.

  1. PowerFullMac macrumors 601

    PowerFullMac

    Joined:
    Oct 16, 2006
    #1
    For those of you waiting for the iPod Touch jailbreak, the waiting could be over very soon! A TIFF exploit, the very same used with the PSP, has been discovered in Safari, and has already been used to execute code!

    LINKAGE!
     
  2. db2431 macrumors regular

    Joined:
    Sep 13, 2007
    #2
    iPod touch and iPhone 1.1 Officially hacked

    Not long now before a jailbreak app, a tiff explot has been run which allows the touch to run unsigned code which means its now hacked.
     
  3. duraace macrumors member

    Joined:
    Dec 27, 2006
    #3
    Right ... and long before Apple closes that hole?
     
  4. madmaxmedia macrumors 68030

    Joined:
    Dec 17, 2003
    Location:
    Los Angeles, CA
    #4
    It's only a possible opening at this point-

    It is a very promising development, but by no means is it 100% for sure gonna lead to a jailbreak.

    Right now they are trying to use the exploit to, well, here's their words:

    http://www.touchdev.net/wiki/TIFF_Exploit

    They have to be able to deliver code via the buffer overflow, without causing Safari to crash, otherwise the code won't run. The code has to be small, but it may be enough to then lead to another 'payload' that won't be restricted in size and can really do some damage... ;)
     
  5. PowerFullMac thread starter macrumors 601

    PowerFullMac

    Joined:
    Oct 16, 2006
    #5
    Just dont update until the new version is hacked. The Touchdev and iPhone Dev Team are still working on decrypting the firmware.
     
  6. SirithX macrumors 6502

    SirithX

    Joined:
    Feb 21, 2007
    Location:
    San Francisco
    #6
    Seriously, it seems like TIFF exploits are the easiest exploits to find. This started the whole underground hacked firmware PSP scene, this has been done on PS3 firmware before, and now we got it on the iPod. Not surprising at all really, although you would think developers would start getting wise about this and prevent this from the get go.
     
  7. plinden macrumors 68040

    plinden

    Joined:
    Apr 8, 2004
    #7
    Hmm ... buffer overflow allowing execution of arbitrary code. Sound familiar?

    Anyone who doesn't update after Apple fixes this is crazy. You'll be leaving a security hole wide open.

    Using vulnerability exploits to get third party apps working is also crazy. Wait till Apple opens the iPhone.
     
  8. madmaxmedia macrumors 68030

    Joined:
    Dec 17, 2003
    Location:
    Los Angeles, CA
    #8
    I think actually making use of this exploit takes more work though.

    All the exploit will likely do is open a tiny crack that will allow a user to proactively jailbreak their Touch/iPhone (meaning an active step must be taken by the user to actually jailbreak or otherwise modify the unit.)

    The exploit won't overwrite any flash ROM, that's why they have to come up with a way to load code without crashing the browser. Because if the browser crashes, any possible exploit is wiped out.

    I don't know that the TIFF exploit has ever been used on another browser to load a bunch of code and run it on a machine, otherwise you think hackers would try to mess with peoples' PSP's.
     
  9. Rhosfelt macrumors 65816

    Rhosfelt

    Joined:
    Aug 15, 2007
    Location:
    I don't want to be raped :(
    #9

    What are they going to do, steal my phone number and billing information.. It is an iPod.
     
  10. Jakintosh™ macrumors member

    Joined:
    Jun 21, 2007
  11. Mystikal macrumors 68020

    Mystikal

    Joined:
    Oct 4, 2007
    Location:
    Irvine, CA
    #11
    I REALLY hope they develop this over the weekend...
     
  12. mrkramer macrumors 603

    mrkramer

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #12
    They will not be opening the iPhone or iPod for a long time if ever. this is very good news if it is able to be used. and if this firmware gets hacked I will not update until the next version is hacked.
     
  13. new0rder macrumors member

    Joined:
    Sep 22, 2007
    Location:
    NYC
    #13
    as a psp owner, firmware update patch and disable homebrew, I am not updating my firmware on my iPt .
     
  14. plinden macrumors 68040

    plinden

    Joined:
    Apr 8, 2004
    #14
    I don't think you've thought this through. It's an iPod-only now because there are no third party apps.

    So, say the iPod Touch hackers working on this find a way of using a buffer overflow to install third party apps. You like the idea of having a small tablet-like device (who doesn't) and you find some very useful PDA-type apps.

    Apple fixes the exploit. You don't update your iPod because you don't want to lose your third party apps. Suddenly, every iPod touch that has working third party apps also has the exploit through which arbitrary code can be run. All the information you've put on your iPod is now vulnerable.
     
  15. rangersdude macrumors newbie

    Joined:
    Oct 3, 2007
    #15
    I know i probably sound daft but what does this actually all mean? We can add our own applications on ipod touch?
     
  16. BII macrumors member

    Joined:
    Sep 1, 2006
    #16
    And you'd have to open a tiff that opens you to attack. I don't see a high risk here.
     
  17. plinden macrumors 68040

    plinden

    Joined:
    Apr 8, 2004
    #17
    Yeah, luckily no one does things like that right now on their PCs, or their machines would be infested with ... what do you call them? ... viruses and spyware.
     
  18. mrkramer macrumors 603

    mrkramer

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #18
    We can't yet it just means that they may be able to add apps using this.
     
  19. PowerFullMac thread starter macrumors 601

    PowerFullMac

    Joined:
    Oct 16, 2006
    #19
    They get read/write access to 1.1.1 on the iPhone! Not long before the Touch follows in its footsteps me thinks! Clicky clicky!
     

Share This Page