All Articles Tagged vulnerability

ZOMG! Ziphone Dude Crashing iPhones With Malicious Audio Code?

Forbes.com (via TUAW) is claiming Ziphone jailbreak author Piergiorgio Zambrini has found a way to crash the iPhone (and other computer systems, according to Zambrini’s own website) using specially crafted video files:

The bug Zambrini found is in the audio portion of Apple’s video format. Knowing the bug exists, someone could write a program that incorporates the bug into a video file and trigger a crash whenever an iPhone attempts to run that file. The bug, which is located in a shared code library that is used across most Apple operating systems and some Linux ones as well, doesn’t appear to cause any permanent damage, but immediately sends the device into a panic that leads to a lengthy reboot.

Since it crashed the device and not just the app, one security expert quoted feels it’s a kernel vulnerability that’s been discovered. Zambrini, who paradoxically claims both to have applied for a job with Apple’s security team and that working for Apple is not his goal, is apparently exploring the vulnerability as a way to inject malicious code.

Lovely.

Howsabout next time we be a little more responsible and keep the information confidential, alerting only the OS makers involved, giving them a reasonable amount of time to patch the problem before we put real world end-users at risk by alerting bad guys to potential exploits, b’okay?



Flash and Java on the iPhone: Video Dream vs. Security Nightmare Redux

iPhone SDK: Smashing Flash Rumors

Last week the UK ruled that Apple was misrepresenting the iPhone’s provisioning of “just the internet” due to the lack of support for two ubiquitously popular 3rd party plugins: Flash and Java. We’ve previously covered the will they/won’t they drama surrounding development and deployment of Flash and Java pretty much ad nauseam infinitum, as well as some seldom discussed yet surprisingly frightening concerns about Flash and its downright sneaky use of 3rd party advertising cookies.

More recently, however, another issue has come to light. Primarily concerned with Windows Vista security and how it can be circumvented, this issue throws a renewed focus on the danger of 3rd party plugins like Flash and Java, on how they interpret and run code on our machines, and how they provide an increasingly popular attack vector for bad guys (hackers, malware authors, identity thieves, etc.).

How does this all relate to the iPhone, and what about ZOMG! Can has my Flash vidz? Read on to find out!
