Slashdot Mirror


Security Flaw Found That Allows Control of iPhone

i_like_spam writes "The NYTimes is running a story about an iPhone flaw that has been found and documented by researchers from Independent Security Evaluators. Attackers were able to gain full control of the iPhone either through WiFi or by visiting a website with malicious code. The exploit will be demonstrated at BlackHat on Aug. 2nd at 4:45pm. Until then, 'details on the vulnerability, but not a step-by-step guide to hacking the phone, can be found at www.exploitingiphone.com, which the researchers said would be unveiled today.'"

10 of 176 comments

  1. The technical paper is the article by nmoog · · Score: 4, Informative

    Have a read of the technical paper from the article - Quite interesting. They used fuzzing to find a heap overflow vulnerability. They go on to talk of "Blackbox Exploitation", which I later realise has nothing to do with the cinematic genre.

    1. Re:The technical paper is the article by VGPowerlord · · Score: 2, Informative

      For example: "Why not just disallow anyone not capable of not programming a buffer overflow from ever programming a device?"

      would be easier to read as
      "Why not just disallow anyone who has a history of programming buffer overflows from ever programming a device?"
      although that changes the meaning slightly.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  2. Re:Update Deployment by jrumney · · Score: 5, Informative

    iPhone patches will be delivered automatically through iTunes, the same way iPod ones are. So while you won't get them OTA, it is still better than most cellphones which require you to go out and find patch installers, and in some cases these can only be obtained from official servicing agents, not over the web.

  3. Re:Duke University by Anonymous Coward · · Score: 1, Informative

    Under a rock the last few days, I take it? Better check back in on that "Duke idiot admin goes to the media with half-baked iPhone theory" story.

  4. Duke WAS NOT Apple's fault by LKM · · Score: 4, Informative

    Yeah, I can see how you're confused, because all the news outlets reporting about how the iPhone destroyed Duke's network did not bother to report that it was all made-up crap.

    Last week:

    "I don't believe it's a Cisco problem in any way, shape or form."

    This week:

    Cisco worked closely with Duke and Apple to identify the source of this problem, which was caused by a Cisco-based network issue. Cisco has provided a fix that has been applied to Duke's network and there have been no recurrences of the problem since.

    Maybe at least /. could bother to retract the story?

    Nah, who cares, it's just your usual weekly Apple bashing.

    1. Re:Duke WAS NOT Apple's fault by jeffasselin · · Score: 4, Informative

      You mean like posting an updated story?

      http://hardware.slashdot.org/article.pl?sid=07/07/21/1212217

      --
      If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
  5. Kind of ugly though by gelfling · · Score: 2, Informative

    Isn't this the same Safari exploit that's been known for a while?

  6. iPhone owner is not surprised by goodmanj · · Score: 4, Informative

    From TFA:

    [Fuzzing] involves sending malformed data to the device in an effort to cause a fault and make it crash. The vulnerability we discovered and exploited was found in MobileSafari using fuzzing.

    Since MobileSafari crashes every ten minutes or so for me with *well*-formed data, I'm not surprised to hear that this is possible. Apple *seriously* needs to push out a Safari bugfix asap, not just for security, but for usability.
  7. Re:Full Control? by Richthofen80 · · Score: 2, Informative

    Not unless Verizon can secretly shove a CDMA antenna into your iPhone without you noticing.

    The iPhone, when unlocked, will only ever work with GSM networks (T-Mobile and AT&T). Any changes that move the phone to Verizon would require solder and hot-glue.

    --
    Reason, free market capitalism, and individualism
  8. Re:Excellent! by Firehawke · · Score: 2, Informative

    That's how they broke the PSP's protection, by finding holes in already signed code.