Re: [Full-disclosure] Fwd: Iphone
- To: RandallM <randallm@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Fwd: Iphone
- From: T Biehn <tbiehn@xxxxxxxxx>
- Date: Sun, 14 Jun 2009 14:38:35 -0400
Randall,
I'm going to assume you're thinking of the mayhem-prone ActiveX
object/embed tags... No, this is not how they work. It's fairly obvious
why it doesn't work that way.
They are standard e-mail attachments; the iPhone mail proggy (through
an unknown mechanism) recognizes it has a reader enabled for them, and
offers that as an option.
It's very doubtful, when you take into account the surround, that this
is an exploitable vector.
Think I'm taking a logical leap?
You are, for example, hopeful that some file type has a registered
viewer that allows you to change settings... Nothing on the iPhone
works this way; this would not be the case. The programmers would
basically have to be arsed to write insecure code (a backdoor) rather
than necessity & ignorance breeding insecure code.
You will have much more luck working against Safari and the PDF Viewer
and providing links and malicious attachments.
-Travis
On Sun, Jun 14, 2009 at 9:37 AM, RandallM <randallm@xxxxxxxxxxx> wrote:
> Curious, anyone on the list familiar with iPhone processes used for
> email hypertext and picture view through email? What processes are used
> and called? Is it basically the same as IE and Windows? Are there any
> documents written (going to google in a bit).
> There are a lot of "fun" features of the iPhone called and used by
> apps that I was curious if could be reached through email not for
> havoc but fun. Of course that would also open a can of worms I
> suppose.
>
> It's an iPhone thing
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>