Compartilhar via


iOwned

Interesting article in the NY Times today about a company that has found a vulnerability in the iPhone (probably Safari) that lets a remote attacker take complete control of the device.  Oops.

https://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=2&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin&oref=slogin

They claim they will be demo'ing the vuln / pwnage at Blackhat in just a few days.  I wonder if Apple will lean on them to try and get them NOT to present as I would be very surprised if they are able to push out an update for this vuln in time.  I wonder also if these guys found the same bug that the boys at Errata sec found when they fuzzed Safari on Windows for like 15 minutes. (Errata claims that one of the Safari for Windows bugs they found works on the iPhone as well).

Among some of my favorite quotes from the article are these ones sure to cause Mac fanboys to lose their minds:

“Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows,” he said. “The other 5 percent have enjoyed a honeymoon that will eventually come to an end.”

The iPhone is becoming a victim of its own success, he said. “The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back.”

Oh and - in other iPhone related news - Cisco has taken the fall for the iPhone / Duke network outage issues - doh!
https://www.networkworld.com/news/2007/072007-cisco-iphone-duke-network-problem.html

I'll be sure to harass my friends over at Cisco PSIRT about this. :)

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    January 01, 2003
    Hey, Rob, in case you didn't know:  Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. I know this for a FACT because they say these exact words every single time that anyone asks them about all the security vulnerabilities in their products.