
Jailbreaking users must choose whether to give up their jailbreak privileges or expose themselves to a serious security risk.
Mac computers may also be at risk from "impressive" hack

Apple yesterday released an update that patches the PDF flaw in the iPhone and iPad browsers, which was disclosed 10 days ago.  While the flaw provided a convenient route to jailbreak and then unlock iPhone devices running iOS 4.0.x, it also posed a serious security risk.

Within 10 minutes of the Apple patch going live, iPhone Dev Team leader Comex published full details of the hack, including source code.  Looking at the source, Mikko Hypponen, chief research officer at antivirus company F-Secure, commented, "Impressive. And dangerous."

Dangerous, indeed.  Now that the code is in the wild, customers who choose not to patch their phones must be very wary of any PDF they open or link they follow, since crafting an attack from Comex's source code would be elementary.  As jailbreakme itself demonstrated, simply loading a page in the device's browser is enough to trigger the flaw.

One individual, “MTWomg”, brazenly posted on Twitter, "@comex thanks, using it to make malicious s*** now."

Famed iPhone and Mac exploiter Dino Dai Zovi, co-author of The Mac Hacker's Handbook, chimed in, "Now that @comex released his jailbreak source, any bets on how long before it is ported to Metasploit?"

Dai Zovi was referring to Metasploit, a framework intended as a legitimate penetration-testing kit for security researchers but also commonly used by black hat hackers as a hacking toolkit.  Once an exploit is packaged as a Metasploit module, using it requires no skill of one's own.

Only the iPhone 3G, iPhone 3GS, the corresponding iPod touches, the iPad, and the iPhone 4 were patched.  Apple left the first-generation iPhone and iPod touch unpatched and at risk.  Because the underlying bug lies in the FreeType font engine's handling of fonts embedded in PDFs, Apple's desktop Safari may also be vulnerable to a similar exploit.  No patch has been issued for the desktop browser yet.
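For an organization that cannot push the update to every device (and the first-generation iPhone and iPod touch have no update at all), a crude stopgap is to hold any inbound PDF that carries an embedded font program until someone has looked at it, since an embedded font is exactly what the renderer hands to the font engine.  The script below is an added example written for this page; it is not Comex's jailbreakme code and not anything from Apple or the Dev Team.  It assumes only standard PDF syntax: a font descriptor references its font program through the /FontFile, /FontFile2 or /FontFile3 key, and a /FontFile3 stream declares /Subtype /Type1C, /CIDFontType0C or /OpenType.  The sample PDFs are constructed inline.  Because a PDF 1.5 author can tuck the font descriptor inside a Flate-compressed object stream where a plain string search never sees it, the scanner also inflates every stream it finds and searches the inflated bytes.

```python
"""Triage scanner: flag PDFs that carry embedded font programs.

Added example for this article, not code from the page or from the
jailbreakme project.  Assumes only the PDF 1.7 file syntax: a
/FontDescriptor references an embedded font program via /FontFile
(Type 1), /FontFile2 (TrueType) or /FontFile3 (/Subtype /Type1C,
/CIDFontType0C or /OpenType).
"""
import re
import zlib

# Keys that reference an embedded font program.
FONT_PROGRAM_RE = re.compile(rb"/(FontFile[23]?)\b")
# Stream subtypes a /FontFile3 program may declare.
SUBTYPE_RE = re.compile(rb"/Subtype\s*/(Type1C|CIDFontType0C|OpenType)\b")
# Every stream body; the leading \b keeps "endstream" from matching as an opener.
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _views(data: bytes):
    """Yield (bytes, in_compressed_stream) for the raw file and for the
    inflated body of every stream that inflates as zlib/FlateDecode.

    Since PDF 1.5, object dictionaries may live inside compressed object
    streams (/Type /ObjStm), so a search over the raw bytes alone misses
    a font descriptor an author chose to hide there."""
    yield data, False
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing bytes after the zlib stream
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded (raw font bytes, JPEG, ...)
        if inflated:
            yield inflated, True


def scan_pdf(data: bytes) -> dict:
    """Report which embedded-font constructs a PDF contains."""
    programs, subtypes, hidden = set(), set(), False
    for view, compressed in _views(data):
        found = set(FONT_PROGRAM_RE.findall(view))
        if found and compressed:
            hidden = True  # descriptor only visible after inflating a stream
        programs |= found
        subtypes |= set(SUBTYPE_RE.findall(view))
    return {
        "embedded_font_programs": sorted(p.decode() for p in programs),
        "font_program_subtypes": sorted(s.decode() for s in subtypes),
        "font_refs_in_compressed_streams": hidden,
        "quarantine": bool(programs),
    }


# --- constructed sample documents (not real files) ------------------------
_HEADER = (b"%PDF-1.5\n"
           b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
           b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
           b"3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >> endobj\n")
_TRAILER = b"trailer << /Root 1 0 R >>\n%%EOF\n"

# Uses a standard-14 font; nothing embedded, so it should pass.
BENIGN_PDF = (_HEADER
              + b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj\n"
              + _TRAILER)

_FONT_OBJ = (b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /ABCDEF+Foo "
             b"/FontDescriptor 5 0 R >> endobj\n")
_DESCRIPTOR = b"<< /Type /FontDescriptor /FontName /ABCDEF+Foo /Flags 32 /FontFile3 6 0 R >>"
# The font program object; "CFF!" is a placeholder, not a real font.
_PROGRAM = b"6 0 obj << /Subtype /Type1C /Length 4 >>\nstream\nCFF!\nendstream\nendobj\n"

# Embedded font referenced in plain sight.
EMBEDDED_PDF = (_HEADER + _FONT_OBJ + b"5 0 obj " + _DESCRIPTOR + b" endobj\n"
                + _PROGRAM + _TRAILER)

# Same font, but the descriptor sits inside a Flate-compressed object stream.
_objstm_body = zlib.compress(b"5 0 " + _DESCRIPTOR)
_OBJSTM = (b"7 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\nstream\n"
           % len(_objstm_body) + _objstm_body + b"\nendstream\nendobj\n")
HIDDEN_PDF = _HEADER + _FONT_OBJ + _OBJSTM + _PROGRAM + _TRAILER

if __name__ == "__main__":
    for name, pdf in (("benign", BENIGN_PDF), ("embedded", EMBEDDED_PDF), ("hidden", HIDDEN_PDF)):
        print(name, scan_pdf(pdf))
```

This flags every PDF that embeds a font, benign ones included, and says nothing about whether the font is malformed; its value is as a quarantine filter in front of clients that cannot be patched, not as a signature for the exploit.  The third sample is the case to remember: the font descriptor never appears in the raw bytes, so a gateway rule that only greps the file for /FontFile would wave it through.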

The iPhone Dev Team calls Apple out for leaving users of older iPhone hardware out of the loop:

The only problem is they outright abandoned iPhone2G and iPod Touch 1G users!  Even though Apple acknowledges in their security update the severity of these holes, they left iPhone2G and ipt1G owners high and dry — completely vulnerable to truly malicious variants of jailbreakme (these variants aren’t out yet, but they’re sure to come!).

However, users of jailbroken iPhones and iPads running iOS 4.0.1 and iOS 3.0.1 can download a patch that plugs the security hole directly from Cydia.

The official Apple patches for the PDF vulnerability are iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad.

Comments

Closed Platform
By Gio6518 on 8/12/2010 3:04:02 PM , Rating: 5
for someone who is all for a closed platform, they have absolutely no idea how to close it or secure it..... LOL

RE: Closed Platform
By Camikazi on 8/12/2010 4:19:28 PM , Rating: 3
Security through obscurity, Apple screwed themselves when they became very popular :P

New approach to battling jailbreakers
By tastyratz on 8/12/2010 3:47:19 PM , Rating: 2
Taking all kinds of heat on anticompetitive practice? Well, this is what one might call "self weeding": a way to prevent people from jailbreaking their phones and forcing them to upgrade to new devices. Passive and clever as well as no fault. Sad.

RE: New approach to battling jailbreakers
By kmmatney on 8/12/2010 7:41:25 PM , Rating: 2
Well, I don't know about the sad part. It's pretty much something that has to be fixed - and by definition it will stop jailbreaking since it uses the same security hole.

The warranty ended recently on my 3GS, and I was planning on jailbreaking it, but hesitant knowing it might have this vulnerability. Good to know a patch is available for jailbroken phones now. I'm not sure they've figured out how to do it on a 3GS with iOS 4, with the newer boot ROM, though.

By robp5p on 8/12/2010 8:50:30 PM , Rating: 2

Very useful site to figure out what is available for what iOS/boot loader/etc.

By jimbojimbo on 8/13/2010 12:12:30 PM , Rating: 2
I was planning on jailbreaking it, but hesitant knowing it might have this vulnerability
What?? It already has the vulnerability!!! That's the point! How come people are still confused over this matter? Tell people over and over that 2+2=4 and they'll still post that 2+2=5. How is this happening?
The 4.0.2 firmware IS NOT for fixing jailbroken phones. It's for fixing Apple's crap.

I love how a vulnerability for iOS comes out and you have to basically reinstall the entire firmware. How about a little patch instead?

It just works
By chick0n on 8/12/10, Rating: 0
RE: It just works
By adiposity on 8/12/2010 3:37:35 PM , Rating: 2
If they're not buying a phone/iPod every year they are not giving us enough money! We design our product to last about a year

Point taken, although these are 3 year old phones we're talking about.

RE: It just works
By Gio6518 on 8/12/2010 5:22:22 PM , Rating: 2
Who gives a crap about iPhone2G/First gen iPod touch users

Apple does, at least when they talk about sales (Android may be activating 300k a day but we've sold over 80 million)... other than that, no one.

By sprockkets on 8/12/2010 9:07:37 PM , Rating: 2
Only the iPhone 3G, iPhone 3GS, corresponding iPod Touches, iPad, and iPhone 4 were patched.

From what others have said on other forums, this problem already existed on the original iphone and was patched a long time ago. Even so, for a bug to come back in later firmware is lame.

By Jane999 on 8/14/2010 3:26:46 AM , Rating: 2
The dev-team has done it again! They deserve the "we're-not-worthy" worship from the iPhone slaves.
I jailbroke my iPad Wi-Fi with jailbreakme and now my Wi-Fi signal indicator in the corner is gone, but I'm still connected, and all the services that gather my location don't work. Maps and Twitter can no longer use my location. I'm still glad I did it though. Backgrounding and free apps without having to wait for iOS 4.2 for iPad; moreover, I installed Flash on my iPad, so I can enjoy movies from Hulu and YouTube freely, though I got an iPad video converter from ifunia, which only makes sense when I travel and don't have much data.


Copyright 2015 DailyTech LLC.