Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

(Currently unpatched) iPhone vulnerability with exploit

Published: 2007-10-19
Last Updated: 2007-10-19 19:43:50 UTC
by William Stearns (Version: 3)
0 comment(s)

Secunia has put out an advisory about a vulnerability in the iPhone and iPod touch.  Viewing a malformed TIFF image can cause attacker-supplied code to be run.  As of 10/19/2007, it does not appear that Apple has released a patch for this; the only workaround of which we're aware is not viewing TIFF images from unknown sources.  We understand there is active exploit code in the wild for this vulnerability.

There are more details at http://secunia.com/advisories/27213/ .  The Metasploit project has more specifics on the exploit and a link to exploit code at http://blog.metasploit.com/2007/10/cracking-iphone-part-21.html .  The CVE entry can be found at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5450 .

Keywords:
0 comment(s)
Diary Archives