Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

(Currently unpatched) iPhone vulnerability with exploit

Published: 2007-10-19
Last Updated: 2007-10-19 19:43:50 UTC
by William Stearns (Version: 3)
0 comment(s)

Secunia has put out an advisory about a vulnerability in the iPhone and iPod touch.  Viewing a malformed TIFF image can cause attacker-supplied code to be run.  As of 10/19/2007, it does not appear that Apple has released a patch for this; the only workaround of which we're aware is not viewing TIFF images from unknown sources.  We understand there is active exploit code in the wild for this vulnerability.

There are more details at .  The Metasploit project has more specifics on the exploit and a link to exploit code at .  The CVE entry can be found at .

0 comment(s)
Diary Archives