It looks like the dev team is up to something. I have been following them over at IRC and it looks like Mobile Safari on both the touch and the iPhone are suffering from a one year old TIFF exploit.

Basically, opening a carefully crafted TIFF image will crash mobile safari, causing a buffer overflow and allow for arbitrary code execution. This same exploit was used more than 1.5 years ago to crack the PSP firmware.


EDIT: Stop posting retarded questions on the irc dev channel. The dev channel is only for iPhone developers/hackers. Post generic iphone/unlocking questions to #iphone or #iphone-tards

EDIT 2: The exploit wasn't discovered by the Dev team. It was discovered by PSP hacker Niacin. It was posted in the dev channel though.

EDIT 3: See page 10 for updates from Niacin.

Good news!!!

great.. hope we can get somewhere soon!

Nice!!!!!!

You can do it Dev Team.

Watch this wiki for updates on this specific proposal

http://www.touchdev.net/wiki/Decrypt...uffer_Overflow

that could be big! upgrading leaves the /var partition alone, so you could install a whole BSD subsystem and ssh/sftp in the /var partition, upgrade, and employ this exploit to copy everything to /bin and run it... even if 1.1.1 will only run signed applications, you can write code through the exploit to peek and see what's there. If this works, 1.2.1 MobileSafari will run as a contained process with very few permissions .

Originally Posted by mr_

that would be huge news! upgrading leaves the /var partition alone, so you could install a whole BSD subsystem and ssh/sftp in the /var partition, upgrade, employ this exploit to copy everything to /bin, and we are in business!!!

Exactly! Let's wait and see. The next few hours are going to be exciting !!

This is great news...... Go dev team

wow - thats a great find!!!

i only wish Dark_AleX / M33 of PSP firmware cracking fame was an iPhone user! lol