On Aug 4, 2010, at 7:56 PM, Pablo Ximenes wrote:
> I believe Jailbreakme.com is just REsurfacing, as it used to be used back in
> the days of the first gen iPhone also for jailbreaking. So, it's not
> exactly the first time this is happening.

Yep, but the attack surface was more wide open at the time: in the 1.x era applications ran with root privileges (now they run under the "mobile" user) and there was no sandboxing of user processes (no seatbelt :-). In a nutshell, it was feasible to exploit a system configured that way with any remote execution vulnerability, such as the TIFF[1][2] one.

[1]: http://secunia.com/advisories/27213/
[2]: http://support.apple.com/kb/HT2170

~Marcello

--
~ [email protected]
~ http://www.linkedin.com/in/marcellobarnaba
~ http://sindro.me/
