Jump to content
1 post in this topic

Recommended Posts

So I found this link

 

http://www.securityevaluators.com/iphone/

 

over on macrumors...

 

The facts as they stand so far are:

 

1. A user is sent to a page (under attackers control {dns redirect, email link, etc}) and the contents of the iphone memory (still foggy on "stored in the memory" so maybe its just recent logs??) is sent to the attacker.

 

2. The attacker can only redirect a "trusted" page via WiFi, direct link, or obfuscated link.

 

3 The iPhone Safari browser is a fork of the 2.x Safari (native) tree.

 

SO... whats your thoughts on it?

 

I'm thinking they used a Safari 2.x exploit and just adapted it to the iphone - as during the forking process things that have since been patched in later 2.x / 3.xBeta releases may have not been included in the iPhone gold release. My first instinct is a modification to the WebKit Safari Exploit.

Link to comment
https://www.insanelymac.com/forum/topic/57884-iphone-exploit/
Share on other sites

×
×
  • Create New...