Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28525
  • Total Topics: 8240
  • Online Today: 833
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Browser flaw opens iPhone to attack  (Read 1581 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
    • SCforum.info
Browser flaw opens iPhone to attack
« on: 24. July 2007., 23:25:52 »
A major flaw in the Apple iPhone's browser opens the device to attack through a malicious wireless access point or Web server, the security firm that discovered the vulnerability announced on Monday.

Because of some poor security choices in the phone's design, an attacker could install code to steal any and all data on the iPhone by exploiting a flaw in Apple's MobileSafari browser, the company, Independent Security Evaluators, said in a general analysis of the issue. An attack could use a link sent through e-mail or by an SMS (short message service) text message, or use an attacker-controlled wireless access point to execute a man-in-the-middle to redirect the iPhone's browser to the malicious code.

"We only retrieved some of the personal data but could just as easily have retrieved any information off the device," the company's analysis stated.

The exploit developed by Independent Security Evaluators takes advantage of a number of security weaknesses in the iPhone, the company stated. The worst issues is that all the device processes run with full administrator privileges. Moreover, the phone does not use address layout randomization and non-executable heaps to make exploitation more difficult, the firm's analysis said.

Released at the end of June, the Apple iPhone immediately came under scrutiny by security researchers and consumer electronics' hackers. Within days, noted Apple and DVD hacker Jon Lech Johansen found a way to turn on certain functions of the phone without going through the activation process. Other hackers discovered ways to make the file system accessible to non-Apple programmers.

Miller and Independent Security Evaluators plan to reveal the full details of the attack at the Black Hat Security Briefings in Las Vegas on August 2.
SecurityFocus
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

Browser flaw opens iPhone to attack
« on: 24. July 2007., 23:25:52 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising