Jailbreakme site utilizes PDF exploit in iOS
We reported on the return of browser-based jailbreakme.com yesterday. Today IT security guru F-Secure revealed just how the site is able to work. The jailbreak method utilizes a PDF exploit found in the iOS software. Charlie Miller with Independent Security Evaluators tweeted, "Starting to get a handle on jailbreakme.com exploit. Very beautiful work. Scary how it totally defeats Apple's security architecture."
What the exploit does is take a PDF sitting in a subdirectory of jailbreakme.com, shown on the right, and load it onto your device. PDF rendering is handled by Safari, and the jailbreak exploits that weakness by using a corrupted font embedded in the PDF file to crash the Compact Font Format (CFF) handler, which gives it access to iOS.
iPhone devteam member chpwn told us today, "There are other (public) exploits in Safari, including some on Apple's website that are fixed in desktop Safari but not iOS. Therefore, the JailbreakMe exploit isn't really a big deal for security."
And even if it is, apparently there are other ways into the system. Comex, author of the exploit, sent a tweet yesterday saying, "Maybe I'll rely on USB based stuff for the next jailbreak so that Apple won't patch it so fast."
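Since the jailbreak hinges on a malformed font inside a PDF's Compact Font Format stream, a defender triaging suspicious PDFs wants to know where such fonts sit in a file. The Python script below is an added example, not code from this post, from jailbreakme.com or from F-Secure: it locates embedded CFF font programs (FontDescriptor /FontFile3 references and streams with /Subtype /Type1C), inflates FlateDecode streams, and sanity-checks the fixed CFF header. The sample PDF, the font names and the 12-byte CFF body are all constructed for the example; a bad header only marks a file for closer inspection, it does not identify an exploit.

```python
# Added example, not code from the TUAW post or from jailbreakme.com: defensive triage of
# a PDF for embedded Compact Font Format (CFF) font programs. Every sample value is constructed.
import re
import zlib

# Constructed 12-byte CFF body: header (major 1, minor 0, hdrSize 4, offSize 1)
# followed by a one-entry Name INDEX whose single entry is the bytes "ABC".
CFF_BODY = b"\x01\x00\x04\x01" + b"\x00\x01\x01\x01\x04" + b"ABC"

def build_sample_pdf(cff_body, flate=False):
    """Constructed minimal PDF: one non-embedded font plus one embedded CFF font
    (FontDescriptor /FontFile3 -> stream /Subtype /Type1C), optionally deflated."""
    data = zlib.compress(cff_body) if flate else cff_body
    filt = b" /Filter /FlateDecode" if flate else b""
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R /F2 6 0 R >> >> >> endobj\n",
        b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj\n",
        b"5 0 obj << /Type /FontDescriptor /FontName /SampleCFF /FontFile3 7 0 R >> endobj\n",
        b"6 0 obj << /Type /Font /Subtype /Type1 /BaseFont /SampleCFF /FontDescriptor 5 0 R >> endobj\n",
        b"7 0 obj << /Length " + str(len(data)).encode() + b" /Subtype /Type1C" + filt + b" >>\n",
        b"stream\n", data, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])

SAMPLE_PDF = build_sample_pdf(CFF_BODY)

def parse_objects(pdf):
    """Map object number -> (dictionary bytes, raw stream bytes or None). The
    dictionary is cut by balanced '<<'/'>>' counting so nested dicts survive."""
    objects = {}
    for m in re.finditer(rb"(\d+)\s+\d+\s+obj(.*?)endobj", pdf, re.S):
        num, body = int(m.group(1)), m.group(2)
        start = body.find(b"<<")
        if start < 0:
            continue
        depth, i = 0, start
        while i < len(body):
            if body.startswith(b"<<", i):
                depth, i = depth + 1, i + 2
            elif body.startswith(b">>", i):
                depth, i = depth - 1, i + 2
                if depth == 0:
                    break
            else:
                i += 1
        sm = re.search(rb"stream\r?\n(.*?)\r?\nendstream", body[i:], re.S)
        objects[num] = (body[start:i], sm.group(1) if sm else None)
    return objects

def decode_stream(dictionary, data):
    """Decoded stream body. Only FlateDecode is implemented; any other filter, or
    corrupt zlib data, yields None so the caller can flag it for manual review."""
    if b"/Filter" not in dictionary:
        return data
    if re.search(rb"/Filter\s*\[?\s*/FlateDecode\b", dictionary):
        try:
            return zlib.decompress(data)
        except zlib.error:
            return None
    return None

def cff_header_issues(font):
    """Sanity-check the fixed 4-byte CFF header; a bad header means look closer, not malicious."""
    if len(font) < 4:
        return ["CFF body shorter than the 4-byte header"]
    major, minor, hdr_size, off_size = font[0], font[1], font[2], font[3]
    issues = []
    if major != 1:
        issues.append(f"unexpected CFF version {major}.{minor}")
    if hdr_size < 4:
        issues.append(f"hdrSize {hdr_size} is smaller than the fixed header")
    if not 1 <= off_size <= 4:
        issues.append(f"offSize {off_size} outside the legal range 1..4")
    return issues

def find_embedded_cff_fonts(pdf):
    """Report each stream that looks like an embedded CFF program, found via its
    own /Subtype or via a FontDescriptor's /FontFile3 reference."""
    objects = parse_objects(pdf)
    findings = []
    for num, (dictionary, stream) in objects.items():
        if stream is None:
            continue
        located_by = []
        if re.search(rb"/Subtype\s*/(Type1C|CIDFontType0C|OpenType)\b", dictionary):
            located_by.append("stream /Subtype")
        if any(re.search(rb"/FontFile3\s+%d\s+\d+\s+R" % num, d) for d, _ in objects.values()):
            located_by.append("FontDescriptor /FontFile3")
        if not located_by:
            continue
        decoded = decode_stream(dictionary, stream)
        issues = ["unsupported stream filter; review manually"] if decoded is None else cff_header_issues(decoded)
        findings.append({"object": num, "located_by": located_by,
                         "length": None if decoded is None else len(decoded), "issues": issues})
    return findings
```

Running `find_embedded_cff_fonts(SAMPLE_PDF)` reports object 7, located both by its own /Subtype and by the FontDescriptor reference, with a clean 12-byte header. The two-way lookup matters because a font stream can omit /Subtype; the FontDescriptor reference still finds it. Real files use compressed streams and cross-reference tables this regex walk ignores, so treat it as a first-pass triage, not a parser.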
https://twitter.com/ceoSteveJobs/status/20152872289
August 03 2010 at 6:16 PM
Why in the world would anyone publish this?! Might as well tell Apple how to fix it, because you know it's gonna happen anyway in 2 weeks. Idiots
August 03 2010 at 5:50 PM
Apple probably figured this out on their own shortly after the jailbreak was released (they do have some very smart people working there). I knew it was PDF based (as I took a quick peek into that directory before I was doing the jailbreak), but I didn't quite get what PDF issue they were exploiting. We knew that there would be a fix to this in 4.1, or even in a 4.0.2, but those who want the jailbreak know to simply avoid Apple updates and save their SHSH blobs on Saurik's servers.
August 03 2010 at 7:32 PM
Apple already has fixed it, the fix just hasn't come to the iOS version of Safari, but it's coming. It was implemented in the newest Safari for Mac OS and Windows before this jailbreak happened, and has been implemented in the iOS 4.1 betas (thus why Jailbreakme.com recommends NOT going beyond 4.0.1).
August 03 2010 at 7:52 PM
Why don't these 'security firms' and 'gurus' shut up? If they are not helping the majority, then they should refrain themselves from making statements about how they 'brilliantly found' the exploit?
If they are so good at it, why don't they prove the other way, detect and show an exploit before the real thinkers like @Comex and the rest of the Dev Team?
Isn't that their work? TO PREVENT THINGS FROM HAPPENING instead of piggy-backing???
It's Apple's job to "stop the dev team", not that of a security firm.
After all, Apple doesn't pay them. Most of the time not even the credit for the security hole.
Besides, the Dev Team is smarter than many of the other security firms, as they've shown previously.
When they say it's "Very beautiful work." it is just a tweet, and nothing more than a tweet.
He is expressing his respect to Comex. When other people and blogs pick his tweet up and write an article, it's not his fault.
"If they are not helping the majority, then they should refrain themselves" Tell that to the people who fight HIV. It's not helping the majority, since HIV-positive people are a minority. Should the researchers refrain themselves too?
Does this mean that Comex's and the Dev Team's work is going to go to waste? Apple isn't going to allow a vulnerability like this to be unpatched very long - and they will patch the jailbreak in the process!!
August 03 2010 at 2:21 PM
I'll let @musclenerd answer that ;)
"Apple will fix this bug very quickly. Run FW Umbrella http://is.gd/dYkKl now so you can use jailbreakme.com forever."
and
"Even those who don't want to JB right now, run FW Umbrella now for when you later realize you do :) There is a "too late""
Yes, but if you have your SHSH on file via Cydia/TinyUmbrella, you can always restore to the firmware you are on, and then you can always go to the website to jailbreak it.
Apple's fix will only affect people on whatever the next firmware version is, 4.1, etc.
"Anyone want to bet about how long until a fix is released?"
August 03 2010 at 2:06 PM
14 Comments