Safari exploit gives hackers full control over iPhones and possibly PCs and Macs
Written by Karl L. Gechlik | AskTheAdmin.com on July 21, 2007 – 4:07 pm
Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it’s Apple’s Safari web browser that exhibits the vulnerability. Researchers at Independent Security Evaluators have used it to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, they have full administrative access to the phone, allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more. We’re talking full access to your phone. The researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn’t very reassuring). They also say the bug “may or may not be exploitable” from the Mac and PC versions of Safari: the same vulnerability exists there, only they haven’t written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and of a proposed fix, with full public disclosure coming at the BlackHat conference on August 2nd. You listening, InfoSec Sellout? That’s how you report a bug. Check the exploit in video form after the break. [Via MacRumors]



By Unknown on Jul 23, 2007 | Reply
That is really scary.
By Anonymous on Jul 23, 2007 | Reply
That is really scary.
By Unknown on Jul 23, 2007 | Reply
VERY disappointing on Apple's part. I hope Openmoko doesn't suffer the same way. I doubt it though since it's Linux based, but hey, it's possible. :)
By The Slothman on Jul 23, 2007 | Reply
Scary yes, but I wouldn’t sweat it.
In order to pull off that exploit, you’ve got to be on the wifi network in question, and monitoring an exact web URL that the iPhone is going to, and then inject the exploit code, and have enough time to dig into the phone.
Lot of hoops to jump through and a lot of things have to be just right in order to get it.
With that said, you can pretty much do that with any phone. Also, I suspect that Apple will come up with a firewall program for the phone to prevent such a thing. Blackberries come with firewalls for just that type of protection.
I think the iPhone is sexy cool. But for enterprise use, I don’t think it is there yet because it is missing the push/real time email of a BlackBerry and the integrated security of the BlackBerry.
Give them time to hit on these points and the iPhone will be a force to be reckoned with on the enterprise PDA/Phone market. I figure late into iPhone v2 or v3 they will be there.
By Psymon101 on Jul 23, 2007 | Reply
VERY disappointing on Apple's part. I hope Openmoko doesn't suffer the same way. I doubt it though since it's Linux based, but hey, it's possible. :)