iPhone bug a potential threat?
There's a lot of "could" and "might" in this story, folks, so keep that in mind. MacNN is reporting that a group of iPhone developers has identified a bug in the current iPhone firmware that could lead to an exploit of the Default.png file.
Default.png is what's displayed when an application is launched in the iPhone. Typically it's a static image, but some of Apple's applications use a dynamic file, which could be fooled into granting access to third party code.
This sounds like conjecture to us, and MacNN's sources are not known, so keep that in mind. Plus, iPhone firmware 2.2 is rumored to be released on the 21st. Perhaps it will lock this down.
Share
Categories
There's a lot of "could" and "might" in this story, folks, so keep that in mind. MacNN is reporting that a group of iPhone developers has...
Add a Comment
Am I right in thinking that this would only be of real concern to those on Jailbroken iPhones downloading/installing apps via Installer, Cydia, or directly via SSH?
Seems that Apple won't vet any apps that act in this way.... or at least I hope they won't let it slip through!!!
This is hardly a bug. Basically, the whole thing boils down to you can have symlinks in your app and the codesigning doesn't sign the target of the symlink, it signs the symlink itself. That's not a bug, just a design decision. And it does not allow the app to do anything it couldn't do before - it's always been possible to execute arbitrary code, it's just disallowed by the SDK agreement. This "bug" does not change a thing.
November 12 2008 at 3:28 PM Report abuse Permalink rate up rate down Replyare all these commenters new to iphone dev? you all realize apple apps dont run in the same sandbox as 3rd party apps and can write to their own bundles and do things YOU cant. im guessing symlinks is one of them, if thats even the "exploit".
November 12 2008 at 5:03 PM Report abuse Permalink rate up rate down Reply@Jools -
Ah, OK, I see it now (but, even after you pointed it out, I had to really look for it).
I've always ignored those 'buttons' (quick glance made me think they were just 'generic' buttons for sharing/printing/emailing an article (nothing specific to a particular article)).
- Paulb
Unless I'm blind, this article didn't include a link to the original MacNN article. So, for anyone interested, here's the link:
http://www.macnn.com/articles/08/11/11/app.bug..iphone.security/
The MacNN article doesn't have many more details, but does include another link to the 'original' article at techcrunch.com:
http://www.techcrunch.com/2008/11/11/iphone-exploit-undermines-app-store-security-lets-devs-update-and-run-arbitrary-code/
- Paulb
@Paulb
The word "Source" at the bottom of the article links to the original MacNN story.
Opticians?
Although its sounds real, but somehow I am not convinced. I personally dont think it to be a bug at all...and will not an issue for the developers.
http://www.livbit.com
So what *is* the bug?
November 12 2008 at 1:17 PM Report abuse Permalink rate up rate down Replywith the doubts you have yourself, why run this story.
November 12 2008 at 1:02 PM Report abuse Permalink rate up rate down ReplyHonestly, I'm not worried about it. Nothing of the sort is likely to get into the AppStore anyway, and honestly, even without the default.png simlink workaround, it's silly to think that programmers don't have a million other ways to launch malicious code from within the app sandbox.
November 12 2008 at 12:11 PM Report abuse Permalink rate up rate down ReplyTotally not true,.. For a dutch explanation:
http://pliep.nl/blog/2008/11/iphone_lek_ondermijnt_veiligheid_app_store
and the update:
http://pliep.nl/blog/2008/11/iphone_lek_ondermijnt_veiligheid_app_store_2
simple,.. an iPhone app can't have new files (prefs/cookies) inside the app itself. so every file has a /library and a /temp directory (sandbox) and can only touch the files that belong to the app itself. you can't touch files made by another app because those files are outside the app's sandbox.
It's nog a security flaw, it's not a bug,.. it's normal behaviour, whithout this app's could not save application data/cookies/prefs.
A little more research next time please!
I'm sorry, but you're wrong.
The directory structure includes a Application and Documents folder. The actual app bundle is signed and will not function if it has been modified. However, the "exploit" is to build the app with a symlink in place of the Default.png, that points to a location inside the (changeable) Documents folder.
Theoretically, an app could download files into that folder, and use (probably another) symlink into the Documents folder to then execute the code.
Its a pretty clear violation of the SDK and App Store agreements, though, so I don't expect it to turn into a real issue.
Hot Apps on TUAW
Deals of the Day
more deals- Verizon Leather Sleeve for Tablets for $4 + free shipping
- Wicked Jaw Breaker Noise-Isolating In-Ear Headphones for $6 + free shipping
- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
14 Comments