H.D. is just totally pwning the iPhone. He’s got a two-part series that covers using a LibTIFF vuln to get shellcode running in, say, Safari, which runs as root.
Here’s why I find this all very interesting: one would think that Apple would have done some pretty extensive file-format fuzzing and testing of the most obvious high-risk code (I would think any image-rendering or video-rendering code on the device would be one of the most obvious entry points used by hackers to gain code execution, along with the radio stacks). One would also think that Apple might have looked at other similar devices and how they’ve fared in the market over the last few years. For example, the Sony PSP, arguably the most heavily pwned handheld device on the planet, also suffered from a libTIFF vulnerability which was then used by crackers to downgrade the firmware on the devices. Why *downgrade* the firmware? Usually this is done to facilitate piracy, playing of older unsupported games, running homebrew OSes and apps, etc. Basically it’s usually done to ‘free’ the device from the ‘shackles’ of the vendor. Security vulnerabilities that allow root access to the device facilitate downgrade-style attacks.
Seems Apple is heading in the same direction?