Ben Cantrick (mackys) wrote,

iPhone/Touch jailbreak with full filesystem write access - confirmed.

Hacker Niacin (aka toc2rta) and Dre claim they've managed to combine the symlink hack with a TIFF vulnerability found in the v1.1.1 firmware's mobile Safari, which grants access to the file system. This is the hack we're testing here.

(Note: Due to the nature of this hack, it's to be considered ephemeral. Apple needs only to patch the TIFF vulnerability and file system access on v1.1.1 is out, with the touch and iPhone back to their previously not-too-hackable state.)

And the result thus far? We've tested the solution, and we can confirm file system read+write access via the TIFF exploit on an iPod touch, meaning loading a simple image file on your v1.1.1 device gives full root file system access!

Even if I don't agree with their reasons, I can understand why Apple is patching the iPhone. They're probably contractually obligated by AT&T to patch holes in the iPhone - AT&T being scared to *death* that someone will port Skype to the iPhone and then nobody will need AT&T. What I still can't figure out, though, is why Apple won't open up the iPod Touch, which has no phone functionality and which Apple is under no obligation to keep proprietary.

Hardly matters anyway. Apple is going to (fail to?) learn the lesson that Sony also (failed to) learn: lock it down all you want, encrypt it all you want, use whatever hardware reinforcement you want... you are not smart enough to fix all the holes. The hackers are smarter than you, they have more free time than you, and they WILL break it open - it's only a matter of when. <Star Wars>You can either profit by this... or be destroyed.</Star Wars>. (And in AT&T's case, I'm sure they prefer destruction to opening their devices - which is fine by me.)
Tags: digg