
The same exploit that allows the new iPhone 4 jailbreak could put ALL users at risk of data theft.
Hackers salivate at opportunity to exploit thousands of new iPhone unlockers

The iPhone 4 has finally been jailbroken, thanks to the hard work of the Apple Dev Team.  An unlock is expected to soon follow.

Unfortunately, the route used to jailbreak the phone appears to be just as readily exploited for less noble purposes.  The method used involves navigating to a website with a PDF document.  Due to poor programming, the PDF is allowed to execute code that would normally be disallowed.  For the jailbreakers, this means executing code that will free your phone from Apple's walled garden.

However, for malicious hackers, this exploit could allow for the theft of your address book, text message database, pictures, and more on any iPhone 4.  Reportedly, the method has not yet been broadly published, but will soon be publicly disclosed.  At that point, black hat hackers will be able to have a field day.

Apple likely will jump at the opportunity to patch this hole, locking out jailbreakers in the process.  As jailbreaking was recently ruled legal in amendments to the Digital Millennium Copyright Act, Apple might otherwise find it harder to justify moving to deliberately shut out the jailbreakers.

You can use iFile or SSH on the iPhone to install a browser plugin called "PDF Loading Warner", which will ask for permission whenever a site wants to display a PDF file.  You can get the .deb file here.  A standard installer should be available on Cydia in the next couple of days.

Until you get that, it's recommended that you limit your browsing to known trusted sites only.  Again, this exploit applies to all iPhone 4 users -- not just the ones who jailbroke their phones.

UPDATED: Aug. 3, 2010 1:55 p.m.

To clarify, both iPhone OS 4 and iPhone OS 3 are vulnerable.  This means that virtually any iPhone 3G, 3GS, or iPhone 4 is at risk.  The vulnerability stems from a problem in how the mobile Safari browser processes Compact Font Format (CFF) data.  When it encounters this data -- typically found in PDF documents -- a memory corruption error results, allowing the execution of arbitrary code, including malicious commands.

A full post on this, courtesy of McAfee antivirus researcher David Marcus (sourcing a vulnerability assessment by Vupen), can be found here.
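The sketch below is an added example, not Apple's code or anything from the original article, and it does not reproduce the flaw itself, whose details the article does not give. It shows the kind of bounds checking a parser has to apply to untrusted CFF data: every count and offset in the font's header and first INDEX structure is validated against the buffer length before it is used. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: 4-byte CFF header, then a Name INDEX with one entry.
 * cff_bad claims its only object ends 63 bytes into a 4-byte data area. */
static const uint8_t cff_good[] = {1,0,4,1, 0,1, 1, 1,5,    'D','e','m','o'};
static const uint8_t cff_bad[]  = {1,0,4,1, 0,1, 1, 1,0x40, 'D','e','m','o'};

/* Read a big-endian value of n bytes (1..4); caller has bounds-checked. */
static uint32_t rd(const uint8_t *p, unsigned n) {
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Validate the CFF INDEX at pos. Returns the offset just past the INDEX,
 * or -1 if any field would point outside buf[0..len). */
long cff_index_end(const uint8_t *buf, size_t len, size_t pos) {
    if (pos > len || len - pos < 2) return -1;
    uint32_t count = rd(buf + pos, 2);
    if (count == 0) return (long)(pos + 2);        /* empty INDEX: 2 bytes */
    if (len - pos < 3) return -1;
    unsigned off_size = buf[pos + 2];
    if (off_size < 1 || off_size > 4) return -1;
    size_t table = pos + 3;
    size_t table_len = ((size_t)count + 1) * off_size;
    if (len - table < table_len) return -1;        /* offset array truncated */
    size_t data = table + table_len;               /* first object byte */
    uint32_t prev = rd(buf + table, off_size);
    if (prev != 1) return -1;                      /* offsets are 1-based */
    for (uint32_t i = 1; i <= count; i++) {
        uint32_t off = rd(buf + table + (size_t)i * off_size, off_size);
        if (off < prev) return -1;                 /* must not go backwards */
        if ((size_t)off - 1 > len - data) return -1;   /* object past end */
        prev = off;
    }
    return (long)(data + prev - 1);
}

/* Validate the 4-byte header and the Name INDEX that follows it. */
int cff_header_ok(const uint8_t *buf, size_t len) {
    if (len < 4) return 0;
    if (buf[0] != 1 || buf[2] < 4 || buf[2] > len) return 0;  /* major, hdrSize */
    if (buf[3] < 1 || buf[3] > 4) return 0;                   /* offSize */
    return cff_index_end(buf, len, buf[2]) >= 0;
}

int main(void) {
    printf("good=%d bad=%d\n", cff_header_ok(cff_good, sizeof cff_good),
           cff_header_ok(cff_bad, sizeof cff_bad));
    return 0;
}
```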

UPDATED 2: Aug. 8, 2010 9:30 p.m.

Apple has announced plans to remedy the woefully poor parsing code in its mobile Safari browser.  Speaking with CNET, an Apple spokesperson remarked, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

The fix reportedly will block both the exploit that allows unauthorized code to run in the sandbox, and an even more dangerous (or useful, depending on your perspective) exploit that allows code to escape the sandbox and grants root permissions.

The fix will likely be delivered via the iOS 4.1 update, which is currently being beta tested by developers.  The current OS software version is iOS 4.01.


Comments

RE: Question...
By SunAngel on 8/3/2010 12:22:05 PM , Rating: -1
Please for the love of Mary, stop depending on what Dailytech writers write. Please follow up on other tech sites for additional (and accurate) information.

The hack exploits all mobile safari web browsers. All versions of the iphone have a mobile safari web browser. However, the hack currently does not work on iOS beta 4.1, even though it does contain the mobile safari web browser. It currently works on iOS 4.01 and lower.

RE: Question...
By croc on 8/9/2010 8:53:41 PM , Rating: 1
The 'hack' DID NOT exploit anything. Safari and webkit have so many security flaws that it is beyond a joke. If you just take the time, don't drink the kool aid for a few days, and objectively do a few searches, it will become obvious to you that this is so.

The 'hackers' are merely taking a pre-existing (and known to all) flaw in Safari's (and webkit's) handling of a PDF to allow injection of a malicious website....

So quit being an Apple apologist for a few days, and go out and learn a bit.
