iPhone v1.1.1 exploits starting to surface
As if anyone expected it to stay locked down forever, the layers of security surrounding v1.1.1 of the iPhone firmware are being peeled away. TUAW's Erica Sadun managed to get read/write access to the phone's directories during her liveblogging session, and the hackint0sh forums are abuzz about a new hacking method that uses a buffer overflow triggered by "carefully crafted" TIFFs that crash Mobile Safari. Neither of the new hacks approaches the relative ease of use we'd seen pre-v1.1.1, but it's still early days yet. Apple, throw us a bone here, will ya?
[Thanks, Julian]
Read - Liveblogging the big iPhone 1.1.1 hack (TUAW)
Read - A new exploit discovered (hackint0sh)
Reader Comments (Page 1 of 1)
Ron @ Oct 7th 2007 3:29AM
Let the games begin...
BigD @ Oct 7th 2007 3:48AM
Are the hackers the "Cat" or the "Mouse"?
jay-t @ Oct 7th 2007 6:22AM
@ BigD
Sometimes the mouse and sometimes the cat ;-)
Cagrino @ Oct 7th 2007 6:50AM
@BigD
Definitely the meeses, you don't want to see Apple get malicious!
Krono6 @ Oct 7th 2007 6:54PM
Wouldn't take long, considering how many geeks are into the iPhone already.
Also, wtf is a meese? Mice?
touch @ Oct 7th 2007 3:30AM
awesome
Xavier Gill @ Oct 7th 2007 8:37AM
And to think Engadget was posting with a virtual erection when they told us Apple would be homebrew 'neutral' - http://www.engadget.com/2007/09/11/dont-worry-iphone-hackers-apple-doesnt-hate-you/ - when in fact they've gone out of their way to not only break and block homebrew but to brick the device of anyone who uses homebrew.
BigD @ Oct 7th 2007 9:36AM
@Xavier
I don't think they're so much going after homebrewers, as they are the sim-unlockers. They don't care if you make the iPhone more useful, as long as you are doing it on an AT&T sim and voice/data plan.
Just what I'm thinking, though.
why not the LS2LS7? @ Oct 7th 2007 3:31AM
Safari doesn't run as root I don't think, so it's gonna take some more effort to get in beyond just sending Safari a malformed TIFF.
I have to say it is kind of strange that Apple has within the last month paid particular attention to buffer overflow exploits in Safari and there apparently still is yet another. Shouldn't Apple have found this in a security review before? Weak.
freakscene @ Oct 7th 2007 3:58AM
Unless Apple changed it with 1.1.1, yes Safari runs as root. In fact, all iPhone apps run as root. Someone was asleep at the wheel with that decision, but it's certainly helped out the hackers.
BTW, the "new TIFF exploit" is actually a year old; something that was patched in Safari and other browsers long ago. I guess Apple didn't see fit to correct that mistake.
Ward @ Oct 7th 2007 3:58AM
I was under the impression that on the iPhone everything ran as root.
404error @ Oct 7th 2007 3:40AM
It's like the PSP all over again.
Carl @ Oct 7th 2007 3:44AM
I was about to say the same thing, real nice deja vu. All we need next is a downgrader. 2.00 exploit was a tiff buffer overflow too.
Twitchy @ Oct 7th 2007 3:51PM
Damn - I just sold my copy of Lumines.
john @ Oct 7th 2007 3:58AM
all this time and effort fighting the corp just to use the device the way consumers want to.
It is totally PSP all over again. Silly.
CeReaL_KilLeR @ Oct 7th 2007 4:47AM
You fools do realize that these two "exploits" don't actually put ANYONE a SINGLE step closer to cracking 1.1.1.
I was going to say "I hate to be the one to say this..." however I actually take great pleasure in being a realist and ensuring others understand what is going on and don't get too far ahead of themselves.
Soren @ Oct 7th 2007 4:48AM
I still haven't found out why people buy those phones.
apstewart @ Oct 7th 2007 5:21AM
How about that HTC Kaiser / AT&T Tilt!
iPhone ftl.
Mark @ Oct 7th 2007 2:12PM
You never will with an attitude like that.
ED @ Oct 7th 2007 6:09AM
Digg this:
http://digg.com/apple/UNCONFIRMED_iPhone_1_1_1_exploit_discovered_May_help_to_jailbreak
ecobore @ Oct 7th 2007 6:23AM
Apple, as long as you keep this product locked down to one supplier you are going to bring on the ire of your customers. Great product - LOUSY way to sell it! Sure it is OK to sell it tied to a contract, but we MUST be able to unlock it and use it elsewhere. If you want to sell in France (and I suspect some other EU countries that put consumer rights first), this will be a LEGAL requirement!
John M @ Oct 7th 2007 9:02AM
Once again, is this news??? Hackers may be closer to unlocking functionality??? I know I'll probably get low ranked for muttering those words, but is this really news/blog worthy on the Engadget page? TUAW -- I can see it being there, but not on the main gadget page... I know, I can just skip over it blah blah blah... but after Ryan Block's rant to Apple regarding 3rd party app functionality I figured Engadget had moved beyond characterizing every single advancement or tidbit of news regarding the iPhone... guess not.
Brice @ Oct 7th 2007 9:03AM
the question is: will it blend?
http://www.willitblend.com/videos.aspx?type=unsafe&video=iphone
I just love it!!!
Crazy_Chris @ Oct 7th 2007 10:21AM
Same thing happened with PSPs this time last year. "Carefully crafted" TIFFs crashed PSPs and got us read/write access.
easty @ Oct 7th 2007 11:57AM
Maybe fake... but other reports have said this guy is unlocking 1.0.2 > upgraded phones and virgin 1.1.1. An IRC user lives close and will be visiting tomorrow to check it out.
http://iphonevietnam.net/
tom @ Oct 7th 2007 2:17PM
keep up the good work guys!!!!!
Jeff @ Oct 7th 2007 2:25PM
Don't get me wrong, I like iPhone news, but is all the crap about hacking the iPhone really still news? It seems about time that this part of the discussion was relegated to the iPhone hacking boards or some phone hacking blog.
Is it actually still relevant?
Normally any post that even slightly relates to Apple would have sparked a 10 page flame war by now, and this seems to be boring enough that it's only a page or two. :P
Quentin @ Oct 7th 2007 3:40PM
Like Public Enemy said, we gotta "Fight the Power"!
Constable Odo @ Oct 7th 2007 4:28PM
Here we go again. WTF are these people wasting so much time with the iPhone when there are so many unlocked handsets around? The next update will only break them again. Why don't these people just use the iPhone instead of screwing around with it? I guess they won't learn. Apparently they like bricks instead of usable handsets.
Tanner @ Oct 7th 2007 10:16PM
I totally agree. I actually bought an iPhone shortly after the price drop. I love it and wouldn't trade it for any other phone on the market. I also knew what I was buying when I got it. I was buying a locked phone that you couldn't install any native 3rd party apps on. I have found some great websites that have fun games that I tinker with and get movie times and stuff like that, but I have never hacked my phone or even attempted to install 3rd party apps. My phone is important to me and I don't want anything bad to happen like crashes or it getting "bricked" or anything else that won't let me use it as a phone. I don't understand why so many people bought iPhones when they obviously wanted a Treo or Windows Mobile phone. It seems pretty obvious to me: if you want to install lots of crap, get a Palm or Windows phone. If you want a phone that is elegant, easy to use and has features that your average user would want, then the iPhone is for you. At this point you can't have both. I don't see any problem with trying to lobby Apple to open up the phone; what I see as the problem is that people bought the iPhone knowing it was locked and now they are whining that it is locked. What the "F"! You knew it from the beginning. I wouldn't buy a car and then get pissed that it didn't have a truck bed. If the product isn't right for you, don't buy it. If you want the company to make a product that is right for you, write them a letter. Don't buy the thing that isn't right for you and then whine.
kvstud @ Oct 8th 2007 3:08AM
Really, *clap clap* for doing your best to alert SOMEONE about what to include in their next update.
Mike P @ Oct 8th 2007 5:05AM
iPhone 1.1.1 firmware is hacked in Bombay, India by a guy named Imran Sayed, claimed this site last night:
http://Indychai.com
I have a feeling in the next 3-4 days the 1.1.1 hack should be out in the open and online too... Mr. Jobs, sorry to update this... it seems India does not even have an official Apple store yet and they have yet again cracked the iPhone firmware, lol!
Lecudas @ Oct 8th 2007 10:21AM
Mike P, I do not get anything from the link you provided. Nor do any Google searches yield anything... Can you confirm this?
Josh G (aka Neo1337) @ Oct 8th 2007 11:19AM
WTF???? I TIPPED U ON THIS TWICE!!!!!!!! SCREW YOU ENGADGET!
Nigel @ Nov 29th 2007 6:54AM
Get your iPhone unlocked or upgrade it to the latest version
UNLOCK WITHOUT OPENING THE PHONE, SO DON'T WORRY
Upgrades of iPhones and any iPhone repairs done too
If anyone's interested, please email me cuteprick@hotmail.com or call me...
Come with your iPhone & I'll unlock it within 15 mins.
CALL ME ON 9820541041
AM LOCATED IN MUMBAI