Monday November 26, 2007
- iPhone in France: D-Day -3 - Lionel - 08:47:47
Three days before the launch of the iPhone in France, we decided to compile information about Apple-branded mobile phone as well as the possibility to use it with any carrier.
- All iPhones are now shipping with Firmware 1.1.2 and Bootloader 4.6 (the lowest layer of the code, controlling the firmware flashing).
- SIM unlocking of such iPhone model (Firmware 1.1.2 and Bootloader 4.6) remains currently impossible.
- One can use a TurboSIM with such iPhone model, however, it will add an additional cost (70-100€) to the already expensive iPhone purchased from the grey market.
If solutions should be found in the coming weeks to bypass protections introduced with Firmware 1.1.2 and Bootloader 4.6, no ones knows today how it will evolve in the future.
One can jailbreak the Firmware 1.1.2, to add third-party applications, but the procedure is not straight forward, as it requires to flash the firmware back to version 1.1.1 including the TIFF overflow vulnerability. However to make things even more complicated, Apple released a modified Firmware 1.1.1 lacking this flaw.
Of course the easiest way to enjoy the GUI and the power of the iPhone in France will be to sign up one of the Orange subscription plan (+ 399€ for the iPhone):
If the official launch is on Friday November 29th, one will be able to purchase the iPhone, the day before from 18h30 in 12 Orange Shops (no information concerning their location).
[translation by Linathael]
- Where are the iPhones Purchased in UK? - Lionel - 08:28:41
According to reliable sources quoted by Theregister, only 26,500 iPhones purchased in UK have been activated by O2 over the last 2 weeks. This is less than one fourth of all iPhones sold in UK! So the obvious question to ask: where are the remaining iPhones?
Some optimistic analysts expect that most of them are now sitting in packed boxes as Christmas present. However, one can easily imagine that most of the missing iPhones have been bought, then jailbroken, and then either immediately sold on the grey market, or directly used in UK with an officially non supported carrier.
One will have to wait for figures from Germany to have a better idea of the number of jailbroken iPhones. On November 29th, T-Mobile will face the German court to defend terms of its exclusive deal with Apple, while the iPhone will be launched in France.
If in all European countries where the iPhone is available, the number of jailbroken units rocket too high, Apple's European Partners might be willing to renegotiate terms of their agreement, and Cupertino might have to change its iPhone business plan accordingly prior the introduction of the iPhone in Japan.
[translation by Linathael]
- Vulnerability in QuickTime 7.3 - Lionel - 08:26:51
The US Computer Emergency Readiness Team released a RTSP Content-Type header stack buffer overflow vulnerability affecting QuickTime 7.3, and indirectly iTunes 7.5, running on Windows:
OverviewAs this vulnerability is described as affecting only windows version of QuickTime, it remains unknown if it would also affect Mac OS X version.
Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition.
Description
Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. The Apple QuickTime Streaming Server and QuickTime player both support for RTSP.
Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.
Impact
By convincing a user to connect to a specially crafted RTSP stream, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. An attacker can use various types of web page content, including a QuickTime Media Link file, to cause a user to load an RTSP stream.
As usual to avoid exposure to a potential thread, simply avoid watching video streaming from unknown source.
[translation by Linathael]
