BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 08-04-2010, 11:42 PM   #1
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Jailbreakme using PDF exploits for iOS 4

Please Login to Remove!

Lots of articles about this the last 2 days.

JailbreakMe, drive-by attacks on iOS, and limiting potential attacks - Security Labs

Quote:
Posted: 04 Aug 2010 03:06 PM

Late last week a new jailbreak method was released for iOS 4 and iPhone OS 3.x based devices such as the iPhone, iPod, and iPad. Jailbreaking these devices is nothing new. It's been done for years to allow these devises to run applications not approved by Apple, and also as a means to unlock iPhones for use on other carriers. What is different in this new method is that all that it takes to jailbreak the device is to visit a specific website using the built-in Web browser. Previously users had to connect the device to a computer and use software for Windows or Mac to complete the process.

At jailbreakme.com, all it takes to complete the jailbreak is to slide the arrow to the right and wait for the process to complete. To perform the jailbreak the process takes advantage of two vulnerabilities; one in how Safari parses PDF files, and one in the kernel of iOS/iPhoneOS. VUPEN has more information about these vulnerabilities in their advisory.

Apple is reportedly looking into the vulnerability issues, but until they have issued a patch, all users of iPhones, iPads, or iPods are at risk, because there is nothing that prevents a malicious attacker from using these vulnerabilities to automatically install malware onto the device. Reports around the Web are claiming that there isn't much a user can do to prevent this type of attack unless you've already jailbroken, as there is an add-on, via Cydia, that will warn you for every PDF you open. However, this is not entirely true.

While it is true that Safari and other Web browsers on iOS/iPhoneOS automatically render and display a PDF page, and therefore will load the exploit automatically, some third-party browsers have customizable filters that can block the attack and prevent your device from compromise. Two examples are Atomic Web Browser and iCabMobile, both of which work on iPhone, iPod Touch, and iPad.

Here is how you enable and tweak the application filters to prevent PDFs from being downloaded in the browser.
More in the article.

New iPhone Jailbreakme.com method allows for malicious phone access « Boy Genius Report

Is JailbreakMe.com the Start of iOSxxx8217;s Downfall Due to Malicious Code? | iPhonefreak

Quote:
If you havenxxx8217;t already given it a go, cracking your iPhone by using the JailbreakMe.com website is the easiest it has ever been to let the leash off your iPhone, however, as handy though the method is, it has highlighted a potentially problematic vulnerability within Mobile Safari.

Herexxx8217;s the issue. JailbreakMe.com hides its code inside a PDF document with a dodgy font, which when activated allows the implanted code to run the jailbreak program with little to no input from the user aside from the xxx8217;slide to jailbreakxxx8217; instruction. According to several sources, including Gizmodo, this exploit could also be used by less friendly sources to take control of your device, wipe its memory, install new programs or pretty much anything else they fancy.
more in the article

Your iPhone, iPad and iPod touch devices are all wide open to hackers | ZDNet

Apple Security Breach Gives Complete Access to Your iPhone
__________________
Report spam text messages to 7726
#BlackBerry by choice

Last edited by daphne; 08-04-2010 at 11:43 PM..
Offline  
Old 08-05-2010, 09:44 AM   #2
TheRinger
CrackBerry Addict
 
Join Date: Dec 2005
Location: Everett WA
Model: 4
OS: iOS4
PIN: Whats a pin? lol
Carrier: AT&T
Posts: 582
Default

There is a package in Cydia (the jailbreak store for those that dont know) that guards this exploit.

Basically if i try and open a pdf, a pop up asks me to allow or deny.

Jailbreakers are currently more safe than stock :D
Offline  
Old 08-05-2010, 10:41 AM   #3
NJBlackBerry
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: SGS7
Carrier: Verizon
Posts: 27,948
Default

It doesn't really guard it - and if it VERY annoying, but it does generate a pop up when you try to open a PDF.

Apple must have hired Microsoft and Adobe's coders for the iOS. Exploits galore.
Offline  
Old 08-05-2010, 11:16 AM   #4
TheRinger
CrackBerry Addict
 
Join Date: Dec 2005
Location: Everett WA
Model: 4
OS: iOS4
PIN: Whats a pin? lol
Carrier: AT&T
Posts: 582
Default

Quote:
Originally Posted by NJBlackBerry View Post
It doesn't really guard it - and if it VERY annoying, but it does generate a pop up when you try to open a PDF.

Apple must have hired Microsoft and Adobe's coders for the iOS. Exploits galore.
Ya, guard was probly the wrong word for it, but it gives notification a pdf is attempting to open
Offline  
Old 08-05-2010, 01:46 PM   #5
NJBlackBerry
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: SGS7
Carrier: Verizon
Posts: 27,948
Default

Right -and I'd bet that Apple is working on this HUGE security exploit anI expet n OS update soon. Like in under a week.

And then they can start on the NEXT identified exploit.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


MSA ALTAIR O2 SINGLE GAS DETECTOR 10071364 picture

MSA ALTAIR O2 SINGLE GAS DETECTOR 10071364

$217.55



MSA Altair 5X Gas Detector Industrial Kit - LEL, O2, CO, H2S picture

MSA Altair 5X Gas Detector Industrial Kit - LEL, O2, CO, H2S

$750.00



MSA Altair 5X  picture

MSA Altair 5X

$750.00



New Open Box MSA Altair 4XR Multigas Detector picture

New Open Box MSA Altair 4XR Multigas Detector

$579.99



MSA 10106725 Sensor with Alarms 10/1700 ppm with Altair 4X/5X Multi-Gas Detector picture

MSA 10106725 Sensor with Alarms 10/1700 ppm with Altair 4X/5X Multi-Gas Detector

$200.00



Altair2X Co Instrument CO Gas Detector picture

Altair2X Co Instrument CO Gas Detector

$399.99







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.