Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: (Currently unpatched) Iphone vulnerability with exploit SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
(Currently unpatched) Iphone vulnerability with exploit

Secunia has put out an advisory about a vulnerability in the Iphone and Ipod touch.  Viewing a malformed TIFF image can cause attacker-supplied code to be run.  As of 10/19/2007, it does not appear that Apple has released a patch for this; the only workaround of which we're aware is not viewing TIFF images from unknown sources.  We understand there is active exploit code in the wild for this vulnerability.

There are more details at


80 Posts

Sign Up for Free or Log In to start participating in the conversation!