A buffer overflow when handling malicious TIFF images has been identified with Safari on the iPhone and the iPod Touch. Successful exploitation allows for arbitrary code execution and there are numerous exploit samples readily available from a number of sources. This code is currently being used to enable unlocking iPhone firmware 1.1.1, but may be used for malicious purposes in the future.

Description:

A new vulnerability has been identified with the iPhone and the iPod Touch product lines from Apple, Inc. The specific vulnerability is with the handling of malicious TIFF image files, allowing an attacker to run software of their choice on a victim's device, if the victim can be convinced to view or otherwise interact with the malicious image. At this stage, the vulnerability is being used to allow iPhone users to unlock their devices again, however there is the risk of malicious usage in the future.

Mitigation:

At this stage the exploit is primarily being used as a means to provide iPhone owners with the means to unlock their devices, however there is still the risk of malicious usage.

Concerned users should avoid browsing untrusted websites using their iPhone or iPod Touch until Apple can release a patch.

Updates:

Not Yet Available

Source:

Multiple

Exploits:

Multiple sources