tiffexploit
Latest
BlackBerry says TIFF vulnerability exposes enterprise servers to malware
BlackBerry has always prided itself on its top-notch security features, so it's a little worrying to see the company release a "high severity" advisory today warning of a potential exploit. According to the Waterloo-based operation: Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone. Essentially, hackers could rig a TIFF file with malware and then trick a BlackBerry user into loading it via webpage, email or an embedded message, thus allowing the bad guys into their company's Enterprise Server. BlackBerry hasn't received any reports of attacks just yet, but urges IT administrators to update their BES software all the same. The update is available at the source, as are several temporary workarounds for those that can't update their installations just yet.
PSP 3000 hacked, with homebrew soon to follow
The intersection of PSP 3000 and Hack St. has thus far been a pretty lonely little place, so we're pleased to announce that the ChickHEN project is definitely gaining some momentum. According to one extra special YouTube video, hacksters are now able to run the TIFF exploit and boot into a homebrew enabler environment on a PSP 2003 and a PSP 3000 running 5.03 firmware. The code is seen surviving a reboot, and both the system software and MAC address can be changed. While not ready for prime time yet, this does pave the way for emulators, PSP uCLinux, and all of those other things that keep all you homebrew fans happy at night. Video after the break, if you dare. [Via Technabob]
Confirmed: Jailbreak/AppSnapp fixes TIFF Exploit hole in iPhone Safari
For everyone worried about malicious TIFF exploits, you might want to take a few seconds and re-read those jailbreak features listed on the AppSnapp page. See number 6? Not only does the team jailbreak your phone, add Installer.app and fix YouTube, but they also repair patch Safari's TIFF exploit hole. Yes, you read that right. These amazing hackers have done Apple a huge favor and fixed the very same exploit they used to jailbreak. For those of you asking about unactivated phones, if you use the Safari access trick I posted about a few weeks ago, you will even activate your iPhone and bypass the whole "connect to iTunes" screen. Is it possible to love these guys any more? Thanks to Nicholas "Drudge" Penree.Update: If you have already jailbroken your iPhone or iPod touch and want to patch Safari, head over to Installer.app and look under 1.1.1 Tweaks.Update 2: Just a reminder that the jailbreak is due in large part to the efforts of "rezn"
