
The same exploit that allows the new iPhone 4 jailbreak could put ALL users at risk of data theft.
Hackers salivate at opportunity to exploit thousands of new iPhone unlockers

The iPhone 4 has finally been jailbroken, thanks to the hard work of the Apple Dev Team.  An unlock is expected to follow soon.

Unfortunately, the route used to jailbreak the phone appears to be just as readily exploited for less noble purposes.  The method involves navigating in Safari to a website that serves a PDF document.  Because of a flaw in the code that parses the PDF, the file is able to trigger execution of code that would normally be disallowed.  For the jailbreakers, this means running code that frees the phone from Apple's walled garden; for anyone else, it means running whatever code the author of the PDF chose.

However, for malicious hackers, the same flaw could allow the theft of your address book, text message database, pictures and more from any iPhone 4 that simply visits a booby-trapped page.  Reportedly, the technical details have not yet been broadly published, but they will be publicly disclosed soon.  At that point, black hat hackers will be able to have a field day.

Apple will likely jump at the opportunity to patch this hole, locking out the jailbreak in the process.  As jailbreaking was recently granted an exemption under the Digital Millennium Copyright Act's anticircumvention rules, Apple might otherwise find it harder to justify a deliberate move to shut the jailbreakers out.

If your phone is already jailbroken, you can use iFile or SSH on the iPhone to install a browser plugin called "PDF Loading Warner", which asks for permission whenever a site wants to display a PDF file.  You can get the .deb file here.  A standard installer should be available in Cydia in the next couple of days.

Until you get that, it's recommended that you limit your browsing to known, trusted sites only, bearing in mind that any page can embed or redirect to a PDF, so a compromised or ad-serving page on an otherwise reputable site can still trigger the flaw.  Again, this exploit applies to all iPhone 4 users -- not just the ones who jailbroke their phones.
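As an added example (not part of the original article, and not code from Apple, the Dev Team or the plugin mentioned above), here is the check an operator of a web proxy or mail gateway would have wanted while waiting for the patch: scan a PDF for the font programs that carry CFF data. In a PDF, a CFF-based font program is referenced from a font descriptor by the /FontFile3 key, its stream dictionary declares /Subtype /Type1C, /CIDFontType0C or /OpenType (the last may wrap a CFF table), and an uncompressed CFF stream begins with a four-byte header (major version 1, minor 0, header size, offset size 1 to 4). The scanner is a heuristic over raw bytes rather than a full PDF parser; streams carrying a /Filter entry are reported separately because they must be decoded (for example inflated) before their contents can be inspected. The sample PDF is constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded substring search over binary data (memmem is not in standard C). */
static const uint8_t *find_bytes(const uint8_t *hay, size_t hay_len, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0 || hay_len < n) return NULL;
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0) return hay + i;
    return NULL;
}

/* Does the data begin like a CFF font program? Header: major 1, minor 0, hdrSize >= 4, offSize 1..4. */
int looks_like_cff(const uint8_t *p, size_t len) {
    return len >= 4 && p[0] == 1 && p[1] == 0 && p[2] >= 4 && p[3] >= 1 && p[3] <= 4;
}

typedef struct {
    int fontfile3_refs;       /* font descriptors that reference a CFF-based font program */
    int cff_subtype_streams;  /* stream dictionaries declaring /Type1C, /CIDFontType0C or /OpenType */
    int cff_streams;          /* unfiltered streams whose data starts with a CFF header */
    int filtered_streams;     /* streams with /Filter: decode before inspecting their contents */
} pdf_font_report;

/* Walk every "N G obj ... endobj" in the buffer. A heuristic over raw bytes, not a PDF parser:
   it ignores object streams and cross-reference tables, so a zero count means "nothing found
   in the clear", not "no CFF data present". */
pdf_font_report pdf_scan_for_cff(const uint8_t *pdf, size_t len) {
    pdf_font_report r = {0, 0, 0, 0};
    const uint8_t *end = pdf + len;
    const uint8_t *p = pdf;
    while (p < end) {
        const uint8_t *obj = find_bytes(p, (size_t)(end - p), " obj");
        if (!obj) break;
        const uint8_t *endobj = find_bytes(obj, (size_t)(end - obj), "endobj");
        size_t body_len = endobj ? (size_t)(endobj - obj) : (size_t)(end - obj);

        if (find_bytes(obj, body_len, "/FontFile3")) r.fontfile3_refs++;

        const uint8_t *s = find_bytes(obj, body_len, "stream");   /* first match is the keyword */
        if (s) {
            size_t dict_len = (size_t)(s - obj);                   /* dictionary precedes the keyword */
            if (find_bytes(obj, dict_len, "/Type1C") || find_bytes(obj, dict_len, "/CIDFontType0C") ||
                find_bytes(obj, dict_len, "/OpenType"))
                r.cff_subtype_streams++;
            const uint8_t *data = s + 6;                           /* keyword is followed by CRLF or LF */
            if (data < end && *data == '\r') data++;
            if (data < end && *data == '\n') data++;
            if (find_bytes(obj, dict_len, "/Filter")) r.filtered_streams++;
            else if (looks_like_cff(data, (size_t)(end - data))) r.cff_streams++;
        }
        p = obj + body_len;
    }
    return r;
}

/* Constructed sample: a font descriptor pointing at a Type1C (CFF) font program stored in the clear,
   plus an unrelated Flate-compressed stream. Not taken from any real document. */
static const uint8_t SAMPLE_PDF[] =
    "%PDF-1.4\n"
    "1 0 obj\n<< /Type /FontDescriptor /FontName /Example /FontFile3 2 0 R >>\nendobj\n"
    "2 0 obj\n<< /Subtype /Type1C /Length 13 >>\nstream\n"
    "\x01\x00\x04\x01\x00\x01\x01\x01\x05Test"                    /* CFF header + Name INDEX */
    "\nendstream\nendobj\n"
    "3 0 obj\n<< /Length 5 /Filter /FlateDecode >>\nstream\nxxxxx\nendstream\nendobj\n"
    "4 0 obj\n<< /Type /Catalog >>\nendobj\n";

pdf_font_report scan_sample_pdf(void) {
    return pdf_scan_for_cff(SAMPLE_PDF, sizeof SAMPLE_PDF - 1);   /* drop the terminating NUL */
}

int main(void) {
    pdf_font_report r = scan_sample_pdf();
    printf("FontFile3 refs: %d, CFF-subtype streams: %d, clear CFF streams: %d, filtered streams: %d\n",
           r.fontfile3_refs, r.cff_subtype_streams, r.cff_streams, r.filtered_streams);
    return 0;
}
```

For a real deployment the report would be fed by the proxy's response body whenever the Content-Type is application/pdf, and a non-zero count in any of the first three fields (or any filtered stream in a font object) would be grounds to hold the file or serve it only to patched clients.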

UPDATED: Aug. 3, 2010 1:55 p.m.-

To clarify: both iPhone OS 4 and iPhone OS 3 are vulnerable, which means virtually every iPhone 3G, 3GS and iPhone 4 is at risk.  The vulnerability stems from a problem in how the Mobile Safari browser processes Compact Font Format (CFF) font data.  When it encounters such data -- typically embedded in a PDF document -- a memory corruption error results, allowing the execution of arbitrary code, including malicious commands, with the privileges of the browser.
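What "processing CFF data" involves, as an added example that is not Apple's, FreeType's or any other real parser's code and not a reconstruction of the actual Safari bug: a CFF font begins with a fixed header and is followed by INDEX structures, each consisting of a count, an offset size, an array of count+1 one-based offsets, and the object data those offsets address. Every size and offset comes from the file itself, so a parser that trusts them can be steered into reading or copying beyond the end of its buffer, which is the class of memory corruption the update describes. The parser below makes the checks such data requires before any of it is dereferenced; the byte strings are constructed for the example and are not taken from the jailbreak PDF.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A parsed CFF INDEX: `count` items, each addressed by a 1-based offset into `data`. */
typedef struct {
    uint16_t       count;
    uint8_t        off_size;   /* bytes per offset, 1..4 */
    const uint8_t *offsets;    /* (count + 1) big-endian offsets */
    const uint8_t *data;       /* object data area */
    size_t         data_len;
} cff_index;

static uint32_t read_be(const uint8_t *p, uint8_t n) {
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Parse the INDEX at buf[pos]. Returns bytes consumed, or 0 if the structure does not fit.
   Each early return is a check that a parser trusting the file's own counts and offsets
   would skip, and thereby read or copy beyond the buffer. */
size_t cff_parse_index(const uint8_t *buf, size_t len, size_t pos, cff_index *out) {
    size_t start = pos;
    if (pos > len || len - pos < 2) return 0;             /* count (Card16) must fit */
    out->count = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    pos += 2;
    if (out->count == 0) {                                /* an empty INDEX is just the count */
        out->off_size = 0; out->offsets = NULL; out->data = NULL; out->data_len = 0;
        return 2;
    }
    if (len - pos < 1) return 0;
    out->off_size = buf[pos++];
    if (out->off_size < 1 || out->off_size > 4) return 0; /* spec range; anything else mis-sizes the array */
    size_t n_off = (size_t)out->count + 1;
    size_t arr_len = n_off * out->off_size;               /* at most 65536 * 4, cannot overflow */
    if (len - pos < arr_len) return 0;                    /* offset array must fit */
    out->offsets = buf + pos;
    pos += arr_len;
    uint32_t prev = read_be(out->offsets, out->off_size);
    if (prev != 1) return 0;                              /* first offset is 1 by definition */
    for (size_t i = 1; i < n_off; i++) {
        uint32_t cur = read_be(out->offsets + i * out->off_size, out->off_size);
        if (cur < prev) return 0;                         /* decreasing offsets make item lengths underflow */
        prev = cur;
    }
    out->data_len = prev - 1;
    if (len - pos < out->data_len) return 0;              /* data area must lie inside the buffer */
    out->data = buf + pos;
    return pos + out->data_len - start;
}

/* Fetch item i of a parsed INDEX; NULL for out-of-range i. Safe because offsets were verified monotonic. */
const uint8_t *cff_index_item(const cff_index *ix, uint16_t i, size_t *item_len) {
    if (i >= ix->count) return NULL;
    uint32_t a = read_be(ix->offsets + (size_t)i * ix->off_size, ix->off_size);
    uint32_t b = read_be(ix->offsets + (size_t)(i + 1) * ix->off_size, ix->off_size);
    *item_len = b - a;
    return ix->data + (a - 1);
}

/* Validate the fixed header (major, minor, hdrSize, offSize) and the Name INDEX that follows it.
   Returns the number of font names, or -1 if the data is malformed. */
int cff_check_name_index(const uint8_t *buf, size_t len) {
    if (len < 4 || buf[0] != 1 || buf[2] < 4 || (size_t)buf[2] > len) return -1;
    if (buf[3] < 1 || buf[3] > 4) return -1;
    cff_index names;
    if (cff_parse_index(buf, len, buf[2], &names) == 0) return -1;
    return names.count;
}

/* Constructed samples (not from any real font or PDF). */
static const uint8_t CFF_GOOD[] = {
    0x01, 0x00, 0x04, 0x01,        /* header: v1.0, hdrSize 4, offSize 1 */
    0x00, 0x01, 0x01,              /* Name INDEX: count 1, offSize 1 */
    0x01, 0x05,                    /* offsets 1 and 5 -> one 4-byte name */
    'T', 'e', 's', 't'
};
static const uint8_t CFF_OVERLONG[] = {    /* last offset claims 126 bytes; only 4 follow */
    0x01, 0x00, 0x04, 0x01, 0x00, 0x01, 0x01, 0x01, 0x7F, 'T', 'e', 's', 't'
};
static const uint8_t CFF_BAD_OFFSIZE[] = { /* offSize 0 is outside the 1..4 range */
    0x01, 0x00, 0x04, 0x01, 0x00, 0x01, 0x00, 0x01, 0x05, 'T', 'e', 's', 't'
};
static const uint8_t CFF_DECREASING[] = {  /* offsets 1 then 0 */
    0x01, 0x00, 0x04, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 'T', 'e', 's', 't'
};

int main(void) {
    cff_index names;
    size_t used = cff_parse_index(CFF_GOOD, sizeof CFF_GOOD, CFF_GOOD[2], &names);
    size_t n = 0;
    const uint8_t *name = used ? cff_index_item(&names, 0, &n) : NULL;
    if (name) printf("good: Name INDEX uses %zu bytes, first name is %.*s\n", used, (int)n, (const char *)name);
    printf("overlong: %d\n", cff_check_name_index(CFF_OVERLONG, sizeof CFF_OVERLONG));
    printf("bad offSize: %d\n", cff_check_name_index(CFF_BAD_OFFSIZE, sizeof CFF_BAD_OFFSIZE));
    printf("decreasing offsets: %d\n", cff_check_name_index(CFF_DECREASING, sizeof CFF_DECREASING));
    return 0;
}
```

A parser that skips the marked checks and then copies each item by the difference of adjacent offsets would, on the CFF_OVERLONG sample, copy 126 bytes out of a 4-byte area; with the offSize or monotonicity checks missing, the arithmetic on the offset array itself goes wrong before any item is touched. The same pattern of length-from-file checks applies to the Top DICT, String and CharStrings INDEXes that follow the Name INDEX in a real font.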

A full post on this, courtesy of McAfee antivirus researcher David Marcus (sourcing a vulnerability assessment by Vupen), can be found here.

UPDATED 2: Aug. 8, 2010 9:30 p.m.

Apple has announced plans to remedy the faulty parsing code in its Mobile Safari browser.  Speaking with CNET, an Apple spokesperson remarked, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

The fix reportedly will block both the exploit that allows unauthorized code to run inside the browser's sandbox and an even more dangerous (or useful, depending on your perspective) exploit that allows that code to escape the sandbox and gain root permissions.  Chaining the two is what takes a web page from rendering a font to full control of the device; closing either one breaks the chain.

The fix will likely be delivered via the iOS 4.1 update, which is currently being beta tested by developers.  The current OS software version is iOS 4.0.1.



Mr. Jobs, care to comment?
By MrBlastman on 8/3/2010 9:46:18 AM , Rating: 5
"Why yes, yes I would kind sir," said Steve.

Steve walked up to the podium, once more--again subject to the wrath of the media on one of his sacred properties. Unabashed at the bias, unafraid of the criticism, Steve confidently stood before the masses once more at the beck of naysayers out to muddle the name of Apple.

Steve took a sip from the glass of water that was appropriately placed at the podium for his consumation and swilled it around his mouth between his cheeks, savoring the cold icy water as it trickled down his throat. Steve looked onward and imperceptibly swallowed like that of a trained assassin; he then raised both arms high in the air, motioning his hands downward to soothe the discourse.

"Okay, so someone today mentioned to me that we have a security problem on our new iPhone 4," he paused and then chuckled.

The crowd grew silent, their gaze focused on the turtle-necked man.

"Well, that's just preposterous. The iPhone 4 is the most advanced phone ever made," Steve smiled. "This phone is the greatest thing to ever happen to man."

The crowd nodded, approvingly.

Steve thought to himself, "Good job, self, they're actually starting to buy into it." Steve then spoke to the crowd again, "There are no security flaws here." He waved his right arm out in a sweeping motion towards the direction of the audience.

"There is nothing to worry about. The phone is fine. Please go about your days without worry," Steve then concluded.

The crowd sighed, smiled and then faintly, a chanting could be heard... "Apple... Apple," slowly rising in volume, it became infectious and before long, it enveloped the whole crowd.

Steve put a smug look on his face, took another swill of the water and walked off the stage, silently cackling to himself.

The word of Jobs, so it shall be done.

RE: Mr. Jobs, care to comment?
By Trisagion on 8/3/2010 10:12:32 AM , Rating: 5
... and swilled it around his mouth between his cheeks, savoring the cold icy water as it trickled down his throat.

Have you considered a career in writing erotic literature?

RE: Mr. Jobs, care to comment?
By quiksilvr on 8/3/2010 10:58:11 AM , Rating: 5
Well, his name is Mr. Blastman (giggity). OH!

RE: Mr. Jobs, care to comment?
By Helbore on 8/3/2010 1:44:37 PM , Rating: 3
Well if you read closely, Steve didn't consume the water, he consumated it. Ooh, errr.

RE: Mr. Jobs, care to comment?
By MrBlastman on 8/3/2010 2:07:56 PM , Rating: 2
Hehe you caught on to that, eh? ;) (I spelled it wrong though :( )

RE: Mr. Jobs, care to comment?
By quiksilvr on 8/3/2010 2:44:57 PM , Rating: 2
Double letters are almost as useless as silent letters. Consumation or consummation...I mean will people really say it differently?

RE: Mr. Jobs, care to comment?
By smackababy on 8/3/2010 2:53:48 PM , Rating: 3
rapped and raped. Hmm, double letters are useless. >_>

The double letter generally dictates the vowel long.

RE: Mr. Jobs, care to comment?
By bodar on 8/3/2010 7:49:04 PM , Rating: 2
Think you meant short vowel there actually. Remember, each long vowel says its name. :)

RE: Mr. Jobs, care to comment?
By Hieyeck on 8/9/2010 11:08:42 AM , Rating: 4
Not much difference at all. Rapping is like getting raped in the ears.

By Justin Time on 8/3/2010 6:26:34 PM , Rating: 2
This is Steve Jobs - the word should have been consecrated - as surely this must have been holy water.

By SleepyGreg on 8/3/2010 10:01:58 AM , Rating: 3
Ummm does this apply to any iphone with iOS 4 or just the actual iphone 4?

RE: Question...
By Cubd on 8/3/2010 10:42:51 AM , Rating: 3
That's what I was thinking. The website works on all other iOS devices as well.

RE: Question...
By Dorkyman on 8/3/2010 12:54:19 PM , Rating: 5
You people are missing the big picture. Jobs and his design team anticipated something like this happening.

Any time you think there's a chance of a data leak, simply place your finger on the antenna gap.

With no signal, there's no chance of data loss.

RE: Question...
By msheredy on 8/3/10, Rating: -1
RE: Question...
By JazzMang on 8/3/2010 11:37:10 AM , Rating: 5

RE: Question...
By Apple Of Sodom on 8/3/2010 11:41:52 AM , Rating: 5

"Again, this exploit applies to all iPhone 4 users -- not just the ones who jailbroke their phones."

What they are saying, and I'm trying to make this simple, is that the new method released to jailbreak phones exploits a flaw in the way iOS 4 reads a PDF, allowing arbitrary code to be executed. The code, in this case, jailbreaks your phone. This same method could be used to execute other code that would do damage as opposed to jailbreak the phone.

RE: Question...
By SunAngel on 8/3/10, Rating: -1
RE: Question...
By croc on 8/9/2010 8:53:41 PM , Rating: 1
The 'hack' DID NOT exploit anything. Safari and WebKit have so many security flaws that it is beyond a joke. If you just take the time, don't drink the Kool-Aid for a few days, and objectively do a few searches, it will become obvious to you that this is so.

The 'hackers' are merely taking a pre-existing (and known to all) flaw in Safari's (and WebKit's) handling of a PDF to allow injection of a malicious website....

So quit being an Apple apologist for a few days, and go out and learn a bit.

RE: Question...
By jimbojimbo on 8/3/2010 12:48:40 PM , Rating: 2
Wow this guy has it all wrong.

Really people that jailbreak it have an advantage. Cydia will get the patch that'll protect you LOOOONG before Apple will even admit that there's a flaw. In essence you'd be a fool not to jailbreak.

RE: Question...
By Camikazi on 8/3/2010 1:19:44 PM , Rating: 5
You realize that the phones that go to get jailbroken at that site are not open yet the exploit still works, right? Kind of proves even phones that are not jailbroken suffer from this exploit. Simple logic there: if the exploit only worked on jailbroken phones then the site could NOT use the exploit to jailbreak the phone in the first place.

"walled garden"
By Homerboy on 8/3/2010 9:42:18 AM , Rating: 2
Just to confirm, this is the new, hip buzz phrase, correct?

RE: "walled garden"
By Drag0nFire on 8/3/2010 10:41:54 AM , Rating: 2
Yeah, I thought Apple had a sandbox, not a walled garden...

RE: "walled garden"
By nafhan on 8/3/2010 11:16:48 AM , Rating: 3
Sandbox: a virtual container in which untrusted programs can be safely run
Walled garden: a closed or exclusive set of information services provided for users
The app store is a walled garden, and a virtual machine would be a sandbox.

By Cheesew1z69 on 8/3/2010 4:04:53 PM , Rating: 2

RE: It's
By PhoenixTX on 8/3/2010 4:21:54 PM , Rating: 3
Actually, it's McAfee.

Why not just ban it
By djc208 on 8/3/2010 10:58:02 AM , Rating: 2
I'm sure Apple will just ban all PDFs on iPhones. After all it's an Adobe format and we all know how much Apple thinks they suck.

Besides, I'm sure there's some Apple proprietary format they're trying to push in HTML 5 which will do the same thing, so who needs PDFs any more?

RE: Why not just ban it
By kamel5547 on 8/3/2010 11:09:55 AM , Rating: 2
That would be a misconception; PDF is an open format. Adobe may have started it, and make the most popular PDF reader and writer, however it is an open format. There are plenty of non-commercial and commercial PDF products that compete with Adobe (I believe Apple has their own program that reads PDFs, which is probably where the bug is since Apple is going to patch this per the article).

Temporary Fix
By aharris on 8/3/2010 9:46:34 AM , Rating: 2
An app called PDF Loading Warner was just uploaded to Cydia today by cdevwill. It pops up with a warning notifying you that a PDF is about to download and gives you the chance to cancel if you didn't request it.

While this obviously doesn't solve the actual problem, it at least gives you more control over the issue until a real fix arrives.

RE: Temporary Fix
By aharris on 8/3/2010 9:47:54 AM , Rating: 1
Article read fail.

Whats Steve going to say now
By HrilL on 8/3/2010 12:27:40 PM , Rating: 3
After all the claims of jailbreaking making you unsafe, it now looks like those who jailbreak will in fact be safer from this exploit. Laugh at you, Apple. Fail yet again. So you can expect a fix for this in about 6 months if you're on the official version.

By JakLee on 8/3/2010 5:14:19 PM , Rating: 3
I can't really restrain my urge to chuckle at this!
Now we just need a good fake website spam like "see the latest pictures of Lindsey Lohan before Maxim releases them" and BAM, the iPhoners all get infected. I can't wait to see how this one ends!

You think you're at risk?
By YashBudini on 8/6/2010 10:50:22 PM , Rating: 3
Try working for Foxconn.

By quiksilvr on 8/3/2010 9:38:42 AM , Rating: 2
What's stopping JailBreakMe from implementing that now that this has gone public?

Any news?
By damianrobertjones on 8/3/2010 12:20:30 PM , Rating: 2

Copyright 2016 DailyTech LLC.