or Connect
AppleInsider › Forums › Mobile › iPhone › Hackers release new browser-based iOS 'jailbreak' based on PDF exploit
New Posts  All Forums:Forum Nav:

Hackers release new browser-based iOS 'jailbreak' based on PDF exploit

post #1 of 74
Thread Starter 
Hackers have once again released a "jailbreak" for iOS devices that can be completed through the Mobile Safari Web browser, taking advantage of an exploit found in the operating system's PDF reader.

The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4.

The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.

The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.

The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.

Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.

The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.



This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.

Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.
post #2 of 74
Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.
post #3 of 74
Quote:
Originally Posted by GQB View Post

Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.

Indeed. The reaction to this news on most sites I've seen this morning is either a yawn, or a "why would anyone jailbreak anymore?"

If jailbreaking isn't already on the wane, the rise of WebApps next year and the year after will put the last nail in the coffin. It will actually be better because it will go back to being something that a techie does for laughs instead of a mock business run by 17 year old asshats.
post #4 of 74
Quote:
Originally Posted by AppleInsider View Post

The new "jailbreakme" site also asks users: "Please don't use this for piracy."

Oh, Ok.... since you said "please".
post #5 of 74
It's becoming harder and harder to find a reason to jailbreak anymore (for me at least). It used to be that I had a ton of jailbreak applications that I would use because Apple hadn't bothered to implement the features yet. But Apple has slowly begun to add features that I previously found only on Cydia.

Now I still jailbreak on my iPhone 4, but only for MyWi and DataDeposit.

I'm glad that they were able to make a jailbreak for the iPad 2, but I see real little reason to jailbreak my iPad 2... and with iOS 5 coming, I REALLY won't need to jailbreak it all.
post #6 of 74
The significance here isn't that it's a jailbreak - it's that it's a web based rootkit. ie. this is a huge gaping hole in the iPhone's security model - and once again comes curtesy of the PDF reader.

The curse of Adobe strikes again!
post #7 of 74
Who verifies that the hacks are safe? How do you know that the hack itself while giving you all this new capability, also is not downloading your keystrokes, contacts, passwords or sending text messages to some random person in a foreign country?

I have no problem with what anyone wants to do to their expensive toy, but I am don't think it wise to give control of it to anyone else. I'm also glad Apple does not have to support it, driving the prices even higher.

Wouldn't it be funny if someone jailbroke their phone and suddenly received a text from Apple, "Thank you for buying Apple, however since you have left our safe ecosystem, we have to protect our members and have isolated your handset from further interaction with our systems. While you lose our half a million apps, you do have the Cydia hacked marketplace to choose from. Regards - Apple"
post #8 of 74
Quote:
Originally Posted by Mazda 3s View Post

It's becoming harder and harder to find a reason to jailbreak anymore (for me at least). It used to be that I had a ton of jailbreak applications that I would use because Apple hadn't bothered to implement the features yet. But Apple has slowly begun to add features that I previously found only on Cydia.

Now I still jailbreak on my iPhone 4, but only for MyWi and DataDeposit.

I'm glad that they were able to make a jailbreak for the iPad 2, but I see real little reason to jailbreak my iPad 2... and with iOS 5 coming, I REALLY won't need to jailbreak it all.

For me, there's one feature from the JB community apple has utterly ignored, and its essential, SBSettings. As someone who frequently doesn't have Wifi access (at work, on the light rail, etc) and who uses a number of Bluetooth accessories with both devices, navigating the settings page to turn those things on and off is a hassle.
post #9 of 74
Quote:
Originally Posted by Radjin View Post

Who verifies that the hacks are safe? How do you know that the hack itself while giving you all this new capability, also is not downloading your keystrokes, contacts, passwords or sending text messages to some random person in a foreign country?

I have no problem with what anyone wants to do to their expensive toy, but I am don't think it wise to give control of it to anyone else. I'm also glad Apple does not have to support it, driving the prices even higher.

Wouldn't it be funny if someone jailbroke their phone and suddenly received a text from Apple, "Thank you for buying Apple, however since you have left our safe ecosystem, we have to protect our members and have isolated your handset from further interaction with our systems. While you lose our half a million apps, you do have the Cydia hacked marketplace to choose from. Regards - Apple"

Somehow the mac manages to survive without being locked to Apple's app store, I'm not sure why there should be a distinction for iPads.
post #10 of 74
Quote:
Originally Posted by Iandanger View Post

Somehow the mac manages to survive without being locked to Apple's app store, I'm not sure why there should be a distinction for iPads.

Now there's the Mac App store. Glad to see a place where verified software is available.
post #11 of 74
Quote:
Originally Posted by Iandanger View Post

Somehow the mac manages to survive without being locked to Apple's app store, I'm not sure why there should be a distinction for iPads.

Because if your mac dies due to software problems you can reinstall it from optical disk or USB key drive. If you brick your iPad you have no such option.
post #12 of 74
Quote:
Originally Posted by AppleInsider View Post

Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.

Who does AI think is reading this? Does anybody not know what Jailbreaking is? Honestly, it's not like any REAL mainstream news outlets pick up the AI article and republish it for their readers. It's cute though, how AI tries to make their rumormongering appear to be like real journalism.
post #13 of 74
Quote:
Originally Posted by cloudgazer View Post

Because if your mac dies due to software problems you can reinstall it from optical disk or USB key drive. If you brick your iPad you have no such option.

Isn't it pretty much impossible to brick an iOS device? Stick it in Recovery Mode and restore.
post #14 of 74
I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.
post #15 of 74
or they are traveling to another country and need to unlock their phone (which Apple refuses to do, even when the 2-yr contract is up!) so they don't have to pay AT&T's extortionist rates.
post #16 of 74
Quote:
Originally Posted by Mazda 3s View Post

Isn't it pretty much impossible to brick an iOS device? Stick it in Recovery Mode and restore.

First rule of making devices reliable, don't depend on the recover system The average user can't even cope with it.
post #17 of 74
Quote:
Originally Posted by AppleStud View Post

Who does AI think is reading this? Does anybody not know what Jailbreaking is? Honestly, it's not like any REAL mainstream news outlets pick up the AI article and republish it for their readers. It's cute though, how AI tries to make their rumormongering appear to be like real journalism.

This kind of inclusion is exactly the thing that separates the real journalists from the blogs.

You are arguing that they shouldn't bother but at the same time kind of implying that they are "just a blog." The more bloggers actually adhere to the rules of writing and journalism the better IMO. Why criticise them for being thorough and professional?
post #18 of 74
People who are appalled at jailbreakers are the same people who 3 months ago said that iPhone notifications were fine and that adding any information on the lock screen would make the iPhone into a horrible mess that only geeks (read: closet android fans) would want. People jailbreak because they want the features that jailbreaking provides.
post #19 of 74
Quote:
Originally Posted by Apple ][ View Post

I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.

I still think that most people who make sweeping assumptions about jailbreakers are speaking about things they know nothing about. My involvement in jailbreaking ios devices goes back to late 2007 when the first jailbreak was released. I DO know a lot of people who have chosen to jailbreak their devices. While some people do it just to pirate apps, many just want tweaks and apps that are not approvable by app store. Why are you so quick to assume it is only because they are cheap? I think if you bothered to investigate you would find much evidence to the contrary. Cydia (the 3rd party store) has many apps that cost money. There are developers making money on the cydia store, many I know personally. So to rephrase your premise, people jailbreak because they are too cheap to buy $.99 apps on the app store, but are willing to buy from a 3rd party store that involves more cumbersome payment methods to get apps costing typically from $1-$10. Yeah real solid logic there, Apple ][
post #20 of 74
Quote:
Originally Posted by gwlaw99 View Post

People who are appalled at jailbreakers are the same people who 3 months ago said that iPhone notifications were fine and that adding any information on the lock screen would make the iPhone into a horrible mess that only geeks (read: closet android fans) would want. People jailbreak because they want the features that jailbreaking provides.

Agreed.
post #21 of 74
Quote:
Originally Posted by Mazda 3s View Post

Agreed.


I second it
post #22 of 74
Quote:
Originally Posted by gregord View Post

I still think that most people who make sweeping assumptions about jailbreakers are speaking about things they know nothing about. My involvement in jailbreaking ios devices goes back to late 2007 when the first jailbreak was released. I DO know a lot of people who have chosen to jailbreak their devices. While some people do it just to pirate apps, many just want tweaks and apps that are not approvable by app store. Why are you so quick to assume it is only because they are cheap?

This is a good point, lets not forget that jailbreaking existed before there ever was an App store, my iPod touch was jailbroken then, and my ipad2/iphone4 are jailbroken now. Until apple adds SBSettings equivalent functionality, jailbroken I shall remain. Jailbreaking is for unlocking functionality not piracy.
post #23 of 74
Quote:
Originally Posted by Habañero View Post

or they are traveling to another country and need to unlock their phone (which Apple refuses to do, even when the 2-yr contract is up!) so they don't have to pay AT&T's extortionist rates.

That's why I do it, with my old 3GS
post #24 of 74
Quote:
Originally Posted by Apple ][ View Post

I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.

Not only that, I already saved myself $100 from Navigon and TomTom together + many other apps. In the long run it cost tons of money.
post #25 of 74
deleted
post #26 of 74
If you have never jailbroke-your opinion is pretty much worthless. Jailbreaking is not for average users. You need to know a bit more than just how to charge your phone. UNIX helps. There are many compelling reasons to jailbreak beyond piracy (which unfortunately is rapant in foreign markets esp. China & Russia); however piracy is huge and much more comon on PCs.
Bricking by jailbreaking is less common than bricking without ever jailbreaking and is not caused by software it is pretty much a hardware component failure. I jailbreak, have 250+apps (full versions) from Apples AppStore - as well as paid Cydia apps (20+) including productivity enhancements, networking, capabilities, wii-Bluetooth controls, webcam to mac, enhancements to the iPod player, gorgeous icons, weather widget, capabilities to place icons in folders with unlimited apps, shrinkable icons, five icon dock, I could go on forever.
So the point is - you may see no compelling reason but many do. Does it really effect you (a nonjailbreaker) enough to hate on those who do? If so you must have a miserable life with nothing much else to do. Get your facts straight and by all means just don't jailbreak unless you want to extend the capabilities of one of the best devices ever made. Move on, bite that nasty tongue and do something nice today.
post #27 of 74
Quote:
Originally Posted by Apple ][ View Post

I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.



And you my dear friend are mostly a hating bugger.

Love,
Your dear friend, a jailbreaker
post #28 of 74
I jailbroke because until this year there was not a supported iPhone carrier in the upper midwest. AT&T was not here and Verizon didn't have the iPhone. The only apps I downloaded that were not from the app store were to workaround limitations of an older version of iOS on an older iPhone with an unsupported carrier.

Calling them "hackers" instead of their well-known iPhone Dev Team name, and bringing up the piracy issue, gives the article an anti-jailbreaking slant. Nothing new here.
post #29 of 74
Quote:
Originally Posted by gregord View Post

I still think that most people who make sweeping assumptions about jailbreakers are speaking about things they know nothing about. My involvement in jailbreaking ios devices goes back to late 2007 when the first jailbreak was released. I DO know a lot of people who have chosen to jailbreak their devices. While some people do it just to pirate apps, many just want tweaks and apps that are not approvable by app store. Why are you so quick to assume it is only because they are cheap? I think if you bothered to investigate you would find much evidence to the contrary. Cydia (the 3rd party store) has many apps that cost money. There are developers making money on the cydia store, many I know personally. So to rephrase your premise, people jailbreak because they are too cheap to buy $.99 apps on the app store, but are willing to buy from a 3rd party store that involves more cumbersome payment methods to get apps costing typically from $1-$10. Yeah real solid logic there, Apple ][

Well said!
post #30 of 74
Quote:
Originally Posted by davidcarswell View Post

And you my dear friend are mostly a hating bugger.

Love,
Your dear friend, a jailbreaker

No need to wet your panties there buddy.

I don't hate jailbreakers. I just think that many of them aren't honest, that's all. I'm not a developer, I have no personal stake in this. I call things like I see them. If you don't like it, then too bad.
post #31 of 74
Quote:
Originally Posted by GQB View Post

Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.

Quote:
Originally Posted by Prof. Peabody View Post

Indeed. The reaction to this news on most sites I've seen this morning is either a yawn, or a "why would anyone jailbreak anymore?"

If jailbreaking isn't already on the wane, the rise of WebApps next year and the year after will put the last nail in the coffin. It will actually be better because it will go back to being something that a techie does for laughs instead of a mock business run by 17 year old asshats.

Quote:
Originally Posted by Apple ][ View Post

I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.

post #32 of 74
What? Adobe security exploit again? What are they doing in there? PDF shouldn't have been this insecure.
post #33 of 74
deleted
post #34 of 74
Quote:
Originally Posted by AppleInsider View Post

Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.

"We have an honest thief!" - Cal (from movie Titanic)


/
/
/

Ten years ago, we had Steve Jobs, Bob Hope and Johnny Cash.  Today we have no Jobs, no Hope and no Cash.

Reply

Ten years ago, we had Steve Jobs, Bob Hope and Johnny Cash.  Today we have no Jobs, no Hope and no Cash.

Reply
post #35 of 74
Quote:
Originally Posted by gwlaw99 View Post

People who are appalled at jailbreakers are the same people who 3 months ago said that iPhone notifications were fine and that adding any information on the lock screen would make the iPhone into a horrible mess that only geeks (read: closet android fans) would want. People jailbreak because they want the features that jailbreaking provides.

Agreed! I have over 800 paid apps for my iPhone and iPad, and I still JB. Here's why:

- LockInfo
- Infinifolders
- Infinidock
- Activator
- iFile/OpenSSH
- SB Settings
- Winterboard
- Wifi-sync
- 3G Unrestrictor
- Lockdown

My list has shorten significantly over the years as iOS keeps on improving. For example, I no longer use MyWi because iOS 4.2 finally allowed Mi-Fi tethering. Soon as iOS 5 comes out, I can also get rid of LockInfo and Wifi-sync, but I would definitely still JB for the other features.
post #36 of 74
deleted
post #37 of 74
I guess you are ignoring the over two million iPhone users on T-Mobile in the US. All of us had to jailbreak to unlock the phone. Further, I have apps like VLC for video, which Apple took off the app store.


Quote:
Originally Posted by Apple ][ View Post

I still think that most people who jailbreak are huge liars. I think that most do it because they're cheap and even spending .99 cents on a great game or app is too much for these cheapskates, so they choose to pirate instead. There might be a few exceptions to this, but I do think that piracy is the main reason that people jailbreak.
post #38 of 74
Fuckheads who make sweeping judgements on subjects they know nothing about are fuckheads.

I suppose people who work on their own cars and prefer to do business with small independent shops are also dishonest. They're obviously stealing if they don't always shop at Walmart.
post #39 of 74
Thankfully, it looks like Apple sat down before designing iOS 5 and said... "Let's look at all the reasons why people currently Jailbrake their devices and then offer those features in iOS 5."

And for the most part, I think they're well on their way. Obviously there will always be those users and developers that desire features which Apple is just not down with - and for them, Jailbraking will be around for many years to come - but with iOS 5, I've finally run out of reasons to JB my iPhone.

Now if only we could get a half-decent bluetooth stack! (ffs).
post #40 of 74
Quote:
Originally Posted by GQB View Post

Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.

Whenever I see people who can't appreciate the importance of work that people do FOR OTHERS it just makes me feel better about myself.
TalkAndroid anyone?
Reply
TalkAndroid anyone?
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Hackers release new browser-based iOS 'jailbreak' based on PDF exploit