Wednesday, July 25, 2007

Could Fuzzing Bring Down the iPhone?

Recently Independent Security Evaluators (ISE) released information on a MobileSafari flaw that could be used to attack iPhone users. While several of the applications on the iPhone are based on the open source WebKit project, the flaw discovered by ISE was found by fuzzing the MobileSafari browser application (PDF). More information on this exact flaw will be released at Black Hat next week. I am looking forward to seeing this talk.

In addition, the crew over at Errata Security are fuzzing the Bluetooth stack of the iPhone and have found several points of interest, though no details have been released.

Security researcher Tom Ferris paid someone to stand in line for him in order to get an early crack at the iPhone. He planned on fuzzing the Wi-Fi network drivers and looking deeper into the Scalable Vector Graphics (SVG) support of Safari on the iPhone (fuzzing the browser?). He believes that SVG bugs discovered in OS X might be applicable against the iPhone.

After the whole Safari Beta on Windows debacle, it seemed clear to everyone that Apple didn't fuzz the Safari browser (or at least not to the level that most expected). Given the very short time between the release of Safari Beta and the iPhone, it doesn't seem unreasonable to say that Apple might have done little fuzzing of the iPhone as well.

Everyone is digging into the iPhone and little pieces of hacker gold are being found. So my feeling is that the iPhone will fall under the gun.

And that gun will be a fuzzer.
