Safari exploit gives hackers full control over iPhones and possibly PCs and Macs
By Thomas Ricker 
posted July 23rd 2007 3:05AM
posted July 23rd 2007 3:05AM
Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's Safari web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring) and "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists only they haven't written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That's how you report a bug. Check the exploit in video form after the break. [Via MacRumors]
Safari on PC is not made for public consumption, IMHO. They released it so that developers could test third party apps in windows using safari, nothing more. That's what I think, but I hope that a patch for this comes around quickly. That's why they conveniently released in a similar time frame that the iPhone was. This is, however, one area where MS does have more experience- fixing bugs. Microsoft is big enough that they have a fix pretty quickly (usually!), but Apple is pretty new to the security problem game, as far as I can tell. Not saying MS is better, just commenting on things. so please don't flame me, lol.
ok, i hope you know you can make phone calls to the PSP you big douch. furthering the fact that the iphone is a POS
Well, at least it can download QuickTime. Should I call you on the PSP. What's the number?
lol at thinking PC's will be affected. nobody uses that POS software on PC.
All apple says is "our software/hardware is the best" while its far far from being the best.
The fact that the iPhone has an exploit doesn't bother me so much. While it proves once again that even Apple products are susceptible to bugs, Apple is usually pretty good at patching them quickly. (In fact Microsoft is usually pretty fast at patching things, too. There's just so many things for them to patch.)
What does bother me about this, though, is that the flaw has been found so early in iPhone's life. Does this mean that people are turning their attention to exploiting OSX more now? If so, I'm concern how long it would take before they hackers turn their attention to Apple computers, too.
I'm just finding it a little funny because the rationale for relegating 3rd party support to the usage of web apps only (and not native/installable programs) was that web-based applications would supposedly be much more secure than traditional programs. And now it turns out that the first security issue to be found stems from the browser? How safe!
It won't be long before someone figures out a way to hack into the phone through an innocent-looking web app, even after Apple fixes this current exploit. Apple should just open up the damn phone already and quit being such control freaks, as it's clear that no matter what, there will always be security risks. There's no longer an excuse for snubbing true 3rd party apps.
/soapbox xD