A researcher has revealed a flaw in the iPhone, as well as the recently released iPod Touch, that can be exploited via malicious TIFF files.The vulnerability was reported on the Toc2rta website by a hacker referring to themself as Niacin.
The researcher said on Toc2rta that they hope to soon have "a complete exploit rolled into one TIFF."
Secunia, a Copenhagen-based vulnerability monitoring organisation, ranked the flaw as "highly critical," saying it can allow denial-of-service attacks and system access from a remote location.
The vulnerability is caused by an error in the processing of TIFF files and can be exploited by a specially crafted TIFF when it is viewed in Safari, the browser used by the iPhone and iPod Touch.
The vulnerability exists in iPod Touch and iPhone versions 1.1.1. Secunia warned in an advisory released today that other versions may also be affected.
Apple has released two patch bundles for the mobile device since the iPhone's 29 June release.
iPhone 1.1.1 update, distributed 27 September, fixed numerous Safari flaws, as well as issues in Bluetooth and Mail.
Released on 31 July, iPhone update 1.0.1 fixed flaws in Safari, WebCore and WebKit.
An Apple representative could not immediately be reached for comment.