toggle

AAPL Stock: 100.96 ( -0.83 )

Printed from http://www.macnn.com

JailbreakMe based on major PDF exploit

updated 01:35 pm EDT, Tue August 3, 2010

Temporary fix available from jailbreak community

The JailbreakMe hack for iOS devices is in fact based on a serious PDF exploit in Safari, claims security specialist Charlie Miller. The trigger for the exploit is currently believed to be a font bug which allows the site to gain deep access to the iOS firmware. "Scary how it totally defeats Apple's security architecture," Miller remarks.

There is no known way of closing the vulnerability at the moment, but it should be possible to prevent a PDF from loading automatically. The method involves installing a special DEB file on a device, which forces users to confirm that it's alright to open a PDF document. Users must, however, already have a jailbroken device in order for the technique to work.








by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. FireWire

    Joined: Dec 1969

    +4

    ouch!

    Ouch!

  1. robttwo

    Joined: Dec 1969

    0

    and now...

    From the folks who also bring you Flash....

  1. Treuf

    Joined: Dec 1969

    +7

    robttwo : too easy

    Apple implemented the reader themselves - they did the mistake here, it has nothing to do with Adobe (this time)

  1. bjojade

    Joined: Dec 1969

    +1

    Ironic.

    You have to jailbreak your device to protect the device from being jailbroken.

  1. wrenchy

    Joined: Dec 1969

    -5

    Adobe


    getting back at Apple? Or Apple leaving a security hole in iOS to make Adobe look bad?

    Things that make you go hmmmmmm???

  1. DA360

    Joined: Dec 1969

    +1

    Already Fixed, just not in the current iOS

    The thing is... This PDF issue has already been fixed awhile ago, but in the desktop version of Safari. Also, I've heard its been fixed in the iOS 4.1 betas as well (thus why Jailbreakme.com says not to upgrade beyond 4.0.1). So Apple already planned to patch this, Jailbreakme.com just beat them to the punch on patching it in 4.1.

    Though it wouldn't surprise me if, for now, they make a 4.0.2 to patch the issue.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Autodesk Smoke 2015

Since May of this year, Autodesk has been shipping the highly anticipated update to its high-end post-production video editing suite, ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

toggle

Most Commented