toggle

AAPL Stock: 112.94 ( + 1.16 )

Printed from http://www.macnn.com

JailbreakMe based on major PDF exploit

updated 01:35 pm EDT, Tue August 3, 2010

Temporary fix available from jailbreak community

The JailbreakMe hack for iOS devices is in fact based on a serious PDF exploit in Safari, claims security specialist Charlie Miller. The trigger for the exploit is currently believed to be a font bug which allows the site to gain deep access to the iOS firmware. "Scary how it totally defeats Apple's security architecture," Miller remarks.

There is no known way of closing the vulnerability at the moment, but it should be possible to prevent a PDF from loading automatically. The method involves installing a special DEB file on a device, which forces users to confirm that it's alright to open a PDF document. Users must, however, already have a jailbroken device in order for the technique to work.








by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. FireWire

    Joined: Dec 1969

    +4

    ouch!

    Ouch!

  1. robttwo

    Joined: Dec 1969

    0

    and now...

    From the folks who also bring you Flash....

  1. Treuf

    Joined: Dec 1969

    +7

    robttwo : too easy

    Apple implemented the reader themselves - they did the mistake here, it has nothing to do with Adobe (this time)

  1. bjojade

    Joined: Dec 1969

    +1

    Ironic.

    You have to jailbreak your device to protect the device from being jailbroken.

  1. wrenchy

    Joined: Dec 1969

    -5

    Adobe


    getting back at Apple? Or Apple leaving a security hole in iOS to make Adobe look bad?

    Things that make you go hmmmmmm???

  1. DA360

    Joined: Dec 1969

    +1

    Already Fixed, just not in the current iOS

    The thing is... This PDF issue has already been fixed awhile ago, but in the desktop version of Safari. Also, I've heard its been fixed in the iOS 4.1 betas as well (thus why Jailbreakme.com says not to upgrade beyond 4.0.1). So Apple already planned to patch this, Jailbreakme.com just beat them to the punch on patching it in 4.1.

    Though it wouldn't surprise me if, for now, they make a 4.0.2 to patch the issue.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented