ZOMG! Ziphone Dude Crashing iPhones With Malicious Audio Code?

Forbes.com (via TUAW) is claiming Ziphone jailbreak author Piergiorgio Zambrini has found a way to crash the iPhone (and other computer systems, according to Zambrini's own website) using specially crafted video files:

The bug Zambrini found is in the audio portion of Apple's video format. Knowing the bug exists, someone could write a program that incorporates the bug into a video file and trigger a crash whenever an iPhone attempts to run that file. The bug, which is located in a shared code library that is used across most Apple operating systems and some Linux ones as well, doesn't appear to cause any permanent damage, but immediately sends the device into a panic that leads to a lengthy reboot.

Since it crashed the device and not just the app, one security expert quoted feels it's a kernel vulnerability that's been discovered. Zambrini, who paradoxically claims both to have applied for a job with Apple's security team and that working for Apple is not his goal, is apparently exploring the vulnerability as a way to inject malicious code.


Howsabout next time we be a little more responsible and keep the information confidential, alerting only the OS makers involved, giving them a reasonable amount of time to patch the problem before we put real world end-users at risk by alerting bad guys to potential exploits, b'okay?


Rene Ritchie


Reader comments



And we're to believe somehow TiPB is taking the high road by re-reporting the story on its site and titling the post with such a "Tabloid-esque" and dramatic (and false) title that it is hard to ignore? Please, I can't see applying a moral reporting standard to anyone if you can't observe it yourself. I like this site, don't get me wrong, but this article seems a bit hypocritical...how about thanking him for finding it and making it public as opposed to developing malicious code?

Responsible? Z has not been responsible since day one with any of his stuff. It would be nice if he were, however.

Sorry, spook, but that don't fly. Once it's out, it's out, and people have to be informed so they can prepare if any exploits do hit the wild. DNS cache poisoning was handled the right way (even if some experts guessed the specifics after partial disclosure, that partial disclosure only occurred after Microsoft and other major players were fully briefed and had solutions baking). This is closer to the socket-stress leak.
And the title isn't tabloid-esque, it's sarcastic -- though maybe the humor failed as badly as the handling of the exploit? ;)

zibri is a freakin faggot with no life. Since people doesn't donate to his website anymore he got mad. hahaha. Everything he says is a lie. This post is irrelevant.

That Doesn't fly? Wow...feels like an episode of the Sopranos...
I'm still at a loss as to how you are faulting someone for making a security risk public, as you re-report the same story? Are you lost on the connection at all? I'm not faulting you for reporting it, but you are faulting someone else for doing the same thing (someone who informed Apple in detail, btw).
And yes, the title is misleading and a stab for attention...as much as if I was to say "TiPB supports people crashing iphones with malicious audio code"...simply because you report a problem doesn't mean you ARE the problem.

Hey Spook- Rene is right.
I also think you're forgetting about the original problem here in the first place. THAT GUY did not report it to Apple right away, he just posted it out to the public first. THAT'S the problem.
The iPhone blog is not posting this information out to the public; what TiPb is doing is LETTING THE PUBLIC KNOW that this guy already did this. It's basically a warning.
And for people like ME, who don't read some loser's website? I never even knew about this piece of information, so it's basically NEWS to me and helpful to me. Now I can keep myself on sort of an Orange alert status until I see a fix for it.

All well and good points, and I hate to beat a dead horse here, but if you read carefully, and get the whole story from elsewhere besides just here, you'll find he submitted it to Apple's security team long before the Forbes article hit the net, or his own blog. Read, straight from the article, where it mentions JULY:
"Zambrini told Forbes.com that he spotted the bug in July, and sent an e-mail to Jobs explaining what he found."
In fact, he has a history of doing so with previous issues as well over the past year or two. How exactly does 4 months after reporting it to Apple going public with it pan out to him going public first? Or is it just the fanboy stardust messing with people's perceptions of time and date?