A working TIFF buffer overflow exploit was finally released for the iPhone 1.1.1 firware and the iPod Touch! This is huge for iPod Touch fans, as it means we can finally install other apps on the device. Like before, it’ll probably be a few days before there is a user-friendly tool, but if you don’t mind working through it, there are now working instructions available for both devices.
The first step to jailbreaking the devices is loading up a special TIFF file in Safari which remounts the storage in read-write mode. I don’t want to be a fear monger, but I’m a little concerned about a couple of things here:
- I haven’t seen source released anywhere, so who knows what the image is doing with root access on your phone
- It’s completely realistic to think that a more sinister version of the TIFF exploit could eventually be peppered around the web in comments and forum postings
It’d be smart for the iPhone and iPod Touch Dev teams to release the exploit code as well as instructions to manually apply the patch for libtiff. It’d be pretty ironic (not to mention good PR) for the dev teams to beat Apple to the security update. Especially since the update requires the jailbreak process to get it installed.
Also Worth Reading:
Heap-based buffer overflow: how the iPhone and iPod Touch could be hacked – Link