Metasploit adds iPhone/iPod Touch hacks

Exploits are released based on a recent TIFF image-rendering flaw.

As reported in ComputerWorld, security researcher H.D. Moore has included several iPhone and iPod Touch exploits in the latest Metasploit tool. The free tool is used by professional pen-testers and criminal hackers alike. The new exploits take advantage of a flaw in the TIFF image-rendering library and are similar to flaws used by the iPhone Dev Team.

"This exploit is rock solid. It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail; you can embed it in a Web page," Moore told ComputerWorld.

Even if Apple fixes the flaw, which it is expected to do soon, Moore says that criminals can still exploit it by rolling the firmware back to a prepatched version. A Trojan in 2005 used a similar firmware rollback on the Sony PlayStation Portable.

Moore has previously written in his blog how any successful hack on a iPhone will give the attacker root access to the entire phone. In the past, adding exploits to Metaploit has been a shortcut to the wild attacks.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)
    Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)