Robert Hensing's Blog

Software Security . . . and stuff.

iOwned

iOwned

  • Comments 2
  • Likes

Interesting article in the NY Times today about a company that has found a vulnerability in the iPhone (probably Safari) that lets a remote attacker take complete control of the device.  Oops.

http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=2&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin&oref=slogin

They claim they will be demo'ing the vuln / pwnage at Blackhat in just a few days.  I wonder if Apple will lean on them to try and get them NOT to present as I would be very surprised if they are able to push out an update for this vuln in time.  I wonder also if these guys found the same bug that the boys at Errata sec found when they fuzzed Safari on Windows for like 15 minutes. (Errata claims that one of the Safari for Windows bugs they found works on the iPhone as well).

Among some of my favorite quotes from the article are these ones sure to cause Mac fanboys to lose their minds:

“Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows,” he said. “The other 5 percent have enjoyed a honeymoon that will eventually come to an end.”

The iPhone is becoming a victim of its own success, he said. “The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back.”

Oh and - in other iPhone related news - Cisco has taken the fall for the iPhone / Duke network outage issues - doh!
http://www.networkworld.com/news/2007/072007-cisco-iphone-duke-network-problem.html

I'll be sure to harass my friends over at Cisco PSIRT about this. :)

Comments
  • Careful Robert, your treading on dangerous ground. You know those Mac guys so do not want to be wrong that they are issuing death threats. See article at link.

    http://www.computerworld.com.au/index.php/id;737532235

    I enjoy readong your blog so I would hate to see you get held hostage by some Mac Zealots somewhere.

  • Hey, Rob, in case you didn't know:  Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.

    I know this for a FACT because they say these exact words every single time that anyone asks them about all the security vulnerabilities in their products.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment