iPhone, iPod touch 'jailbreak' app patches critical TIFF bug
- 30 October, 2007 08:09
Hackers have released a tool that "jailbreaks" up-to-date iPhones and iPod touches, but unlike previous such software, doesn't require a Mac or PC as a middleman.
As an added bonus, the software, dubbed AppSnapp 1.1.1, patches a vulnerability in the stripped-down Mac OS X both devices use that had been exploited previously to unlock iPhones.
Created by a group of nine developers, among them HD Moore of Metasploit fame, AppSnapp opens both the iPhone and iPod touch, then installs another program, Installer.app, which in turn can install unauthorized, non-Apple programs. The iPhone and iPod touch must be running the current firmware, version 1.1.1, the AppSnapp hackers said.
The jailbreak does not unlock the iPhone -- open it so that calls can be made using a mobile carrier other than AT&T, the only company sanctioned thus far by Apple. "AppSnapp does not unlock the phone. You will have to use anySIM to do so after you install AppSnapp," according to an FAQ on the AppSnapp site.
Unlike earlier jailbreaks, AppSnapp 1.1.1 can only be installed from the iPhone/iPod touch built-in Safari Web browser, which eliminates the need to connect the device to a Mac or PC, then run a jailbreak program from the computer.
The utility also fixed a long-standing vulnerability in the iPhone's and iPod touch's TIFF image-rendering library. That bug, which is shared by Safari, the iPhone's e-mail application and iTunes, had been used to both unlock iPhones and install earlier jailbreak programs. "[AppSnapp] Fixes Apple's TIFF bug, making your device more secure than it was without AppSnapp!" the hackers' site boasted.
Two weeks ago, HD Moore publicized the TIFF vulnerability by posting multiple exploits he said were "rock solid," and that could easily compromise any iPhone, no matter what firmware it ran.
AppSnapp is available free of charge from the jailbreakme.com site. Its creators, however, are accepting donations made through PayPal.