Reader Comments (Page 1 of 1)
why not the LS2LS7? @ Oct 7th 2007 3:31AM
Safari doesn't run as root I don't think, so it's gonna take some more effort to get in beyond just sending Safari a malformed TIFF.
I have to say it is kinda strange that Apple has within the last month paid particular attention to buffer overflow exploits in Safari and there apparently still is yet another. Shouldn't Apple have found this in a security review before? Weak.
freakscene @ Oct 7th 2007 3:58AM
Unless Apple changed it with 1.1.1, yes Safari runs as root. In fact, all iPhone apps run as root. Someone was asleep at the wheel with that decision, but it's certainly helped out the hackers.
BTW, the "new TIFF exploit" is actually a year old; something that was patched in Safari and other browsers long ago. I guess Apple didn't see fit to correct that mistake.
Ward @ Oct 7th 2007 3:58AM
I was under the impression that on the iPhone everything ran as root.