But as C. Miller covered in his EUSecWest presentation "Owning your Grandmother's iPhone" exploitation in a non-jailbroken environment is substantially more complex. A lot of the tools from jail-breaking that are leveraged to get command exec are just not there on the stock phone.
cheers, --dr On 31-Jul-09, at 8:12 AM, Juha-Matti Laurio wrote: > Details are being covered at > http://www.theregister.co.uk/2009/07/31/smart_phone_hijacking/ > > ".... > The bug resides in CommCenter, a service that's responsible for > handling SMS, wireless and other functions in the iPhone. > By default, it runs as root and isn't limited by an application > sandbox. That makes it an ideal vector for taking control of the > device. > What's more, the messages are delivered automatically and often > aren't easy for users to block. > ...." > > Juha-Matti > > der Mouse [[email protected]] kirjoitti: >>> "On Thursday, two researchers plan to reveal an unpatched iPhone bug >>> that could virally infect phones via SMS. [...] >> >> Any betting Apple manages to get them gagged before they can >> present? :( >> >> /~\ The ASCII Mouse >> \ / Ribbon Campaign >> X Against HTML [email protected] >> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
