Debunk: Yes, Virginia, the iPhone libtiff exploit can also be used for mischief
byNilay Patel||November 16th 2007 at 6:49pmNovember 16th 2007 6:49 pm
We're not really certain why anyone's surprised by the iPhone libtiff exploit at this point -- it's the entire basis of the 1.1.1 jailbreak, after all -- but apparently Fast Company didn't get the memo, because it just posted up this video of "self-employed security consultant" Rik Farrow using the 'sploit to surreptitiously install a voice recorder on an unpatched 1.1.1 iPhone. That would have been huge news when the iPhone first came out, obviously (and look at that -- it was) but FC and Rik are a little late, here: the libtiff exploit has already been patched, first by the Jailbreakme 1.1.1 web-jailbreak and then by Apple in the 1.1.2 update. There's no doubt that it's a serious vulnerability -- and Rik's confidently paranoid tone in this video makes it a must-watch -- but it's funny to see people get all worked up over a patched security hole hackers have been exploiting on a variety of devices for some time now.