The vulnerability was reported on the Toc2rta website by a hacker referring to themself as Niacin.
The researcher said Wednesday on Toc2rta that they hope to soon have “a complete exploit rolled into one TIFF.”
Secunia, a Copenhagen-based vulnerability monitoring organisation, ranked the flaw as “highly critical,” saying it can allow denial-of-service attacks and system access from a remote location.
The vulnerability is caused by an error in the processing of TIFF files and can be exploited by a specially crafted TIFF when it is viewed in Safari, the browser used by the iPhone and iPod Touch.
The vulnerability exists in iPod Touch and iPhone version 1.1.1. Secunia warned in an advisory released today that other versions may also be affected.
An Apple representative could not immediately be reached for comment.
Apple has released two patch bundles for the mobile device since the iPhone's June 29 release.
The iPhone 1.1.1 update, distributed Sept. 27, fixed numerous Safari flaws, as well as issues in Bluetooth and Mail.
Released on July 31, iPhone update 1.0.1 fixed flaws in Safari, WebCore and WebKit.
Amol Sarwate, director of the vulnerability research lab at Qualys, told SCMagazineUS.com today that the flaw reflects the trend of malicious code served through media vulnerabilities.
“There are two ways of exploiting this: either send an email with an attached image or somehow lure someone to go to a website,” he said. “This falls in line with the trend of vulnerabilities that we've seen in the past year or so, coming through images, videos and MP3s.”
See original article on SC Magazine US
iPhone, iPod Touch TIFF flaw revealed
By Frank Washkuch on Oct 15, 2007 10:11AM