Results 1 to 4 of 4
Discuss fw 1.1.1 and the TIFF exploit...still ok to use? at the iPhone "2G" (Rev. 1) - Hackint0sh.org; I read these posts pretty much every day and have been seeing some people suggesting ...
  1. #1
    Senior Professional Array

    Join Date
    Aug 2007
    Posts
    108
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default fw 1.1.1 and the TIFF exploit...still ok to use?

    I read these posts pretty much every day and have been seeing some people suggesting that apple has shut down the TIFF exploit with the release of a new 1.1.1.ipsw file. Does anyone know what versions still work...IF this is indeed true...I feel like people dont get through to jailbreakme.com and just simply claim the exploit has been closed.
    I have iphone1,1_1.1.1_3a109a_Restore.ipsw and would like to upgrade but I cant find out if this version will be TIFF exploitable.
    So, can anyone confirm this apparent urban legend? If so, which .ipsw versions should we stay away from and which ones are ok?

    Edit update: I have found a previous version of 1.1.1, and its called 3B13, the updated version is called 3A109a. If you used the TIFF exploit, can you please go to Settings, General, About, and then report what is at "Version" (i.e., is it 1.1.1. 3A109a or is it 1.1.1 3B13)? This would be much appreciated. On the Apple web site, it discusses the security updates with 3A109a, one of them regarding Safari and dialing the iPhone:

    "Safari

    CVE-ID: CVE-2007-3757

    Impact: Visiting a malicious website may lead to unintended dialing or dialing a different number than expected

    Description: Safari supports telephone ("tel:") links to dial phone numbers. When a telephone link is selected, Safari will confirm that the number should be dialed. A maliciously crafted telephone link may cause a different number to be displayed during confirmation than the one actually dialed. Exiting Safari during the confirmation process may result in unintentional confirmation. This update addresses the issue by properly displaying the number that will be dialed, and requiring confirmation for telephone links. Credit to Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI Labs) and Eduardo Tang for reporting this issue."

    For 1.1.2


    "ImageIO

    CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465

    Available for: iPhone v1.0 through v1.1.1, iPod Touch v1.1 and v1.1.1

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: ImageIO contains a version of libtiff that is vulnerable to multiple buffer overflows. By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issues by performing additional validation of TIFF images. These issues do not affect Mac OS X v10.3.9 systems with Security Update 2006-004, Mac OS X v10.4.7 systems with Security Update 2006-004, or systems running Mac OS X v10.4.8 or later. Credit to Tavis Ormandy, Google Security Team for reporting this issue."

    So, I suspect the myth that the TIFF exploit was closed in 1.1.1 is now dead... anyone agree with this?
    Last edited by vancity; 11-19-2007 at 06:32 PM. Reason: updated info



  2. #2
    Rookie Array

    Join Date
    Nov 2007
    Posts
    25
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    I used 3a109a 1.1.1 ipsw version on my OTB UK iPhone and it worked - tiff exploit wa s unpatched...
    OTB UK iPhone 1.1.2
    Jailbreaked and activated

  3. #3
    Senior Professional Array

    Join Date
    Aug 2007
    Posts
    108
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    bump to the front for a response.

  4. #4
    Newbie Array

    Join Date
    Nov 2007
    Posts
    8
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    I used 3A109a yesterday and it's fine..

 

 

Similar Threads

  1. TIFF exploit in 1.1.2 and later
    By goudok in forum General
    Replies: 9
    Last Post: 12-08-2007, 01:01 AM
  2. Tiff Exploit Fix
    By lighter in forum General
    Replies: 15
    Last Post: 11-13-2007, 06:08 AM
  3. TIFF Exploit fix for 1.0.2
    By abtf2 in forum General
    Replies: 1
    Last Post: 10-31-2007, 11:05 PM
  4. TIFF Exploit Fix
    By teekay in forum General
    Replies: 3
    Last Post: 10-30-2007, 02:15 PM
  5. Tiff exploit fix
    By chow7 in forum Free Toolchain Software (Cydia App's)
    Replies: 2
    Last Post: 10-29-2007, 07:32 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 08:59 AM.
twitter, follow us!