•  
Your source for indispensable Apple and Macintosh news, reviews, tips, and commentary since 1990.

 

 
Most Popular Articles
 

 

Recent TidBITS Talk Discussions
 

Take Control BooksIn Take Control of Apple Mail in Leopard, by Joe Kissell, you'll learn how to make your email come and go as it should and easily find the email that you want to read. You'll also get help with Time Machine backups of email and much more. $10.

 

Install Applications with iPhone 1.1.1 Software

The story around installing third-party applications on the iPhone changes every few days, so we at TidBITS have avoided trying to stick a pin in the process, as it were. But a few days ago, one set of the clever folks working in loosely organized teams produced AppSnapp, a successor to AppTapp (from a different group), which can "jailbreak" the iPhone 1.1.1 software, enabling third-party programs to be installed.

AppSnapp has an even simpler installation process: Just visit the Web site with an iPhone, select the installation options from the Web page, and the software is installed. You can then use the Installer application to choose other packages to install, including the Connect program for automated Wi-Fi hotspot connections that we talked about a few months ago (see "Connect More Easily to Wi-Fi Hotspots with the iPhone," 2007-09-17). I tried the process and it was fast and seamless.

Now a word to the wary: AppSnapp makes use of an exploit in the TIFF image format rendering library. A buffer overflow allows a properly crafted TIFF image to install software, essentially. (AppSnapp also patches the exploit, which is rather nice of its developers.)

This exploit and installer provides unrestricted access to the operating system, which means you should take care in choosing the sources from which you install additional iPhone software.

Apple is certainly going to fix this flaw in their TIFF interpretation - it's a significant one which could be exploited by any malicious Web site - which will then prevent releases of iPhone software after 1.1.1 from using this vector to install. Early reports from the UK, where Apple starts selling the iPhone via O2 on November 9th at 6 p.m. (actually 6:02 or "six O2"), indicate that a patched 1.1.2 release is installed on those phones.

Given the near-term arrival of an iPhone SDK, the motivation to jailbreak an iPhone will wane, unless the SDK turns out to be so lame as to push developers once again into unsupported pathways (see "iPhone Software Development Kit Set for February 2008," 2007-10-17).

Fetch Softworks: Fetch 5.3 has WebView, the easy way
to view files in a browser and copy Web addresses from Fetch.
Also a new look for Leopard, droplet shortcuts, and more.
Download your free trial version! <http://fetchsoftworks.com/>
 

Bookmark at: del.icio.us | digg | reddit | Slashdot

Back to top of article | Next article