Hackers release new browser-based iOS 'jailbreak' based on PDF exploit - Page 2

Why buy from Cydia when your jailbroken iphone has access to pirated versions of everything anyway?

Because not everyone who jailbreaks is a pirate

MyWi, MyWi and MyWi. That's really all I have installed.

(there are millions of users of Cydia, but only ~5% of them make purchases from the storefront).


http://www.macnotes.net/2010/03/30/c...k-jay-freeman/

Because we don't want to pirate, and there are paid apps in Cydia. There are a lot of useful free apps in Cydia as well.

What people seem to be forgetting is that you don't need to jailbreak in order to pirate. You can do so with the SDK.

Sure, some number of jailbreakers are pirates, but since yo don't need to jailbreak in order to pirate obviously people, like me, see other benefits to jailbreaking.

Sorry no, this is all Apple. PDF is an open format to read and write. How you implement that is up to your programmers. The hackers create a bogus PDF file and if Apple's programmers allow that file to overflow a buffer, it is not Adobe's fault,

On on a related note, Microsoft is double-daring the hacker community to attempt a DDoS attack on their servers. Says it can't be done. . .

http://www.networkworld.com/communit..._pm_2011-07-06

Ad hominem attack deleted - JL

Adhominem aside- I still was right. -MRR

Ah, AppleInsider today... I come for the news, but stay for the insults.

Personally, I am loathe to give my credit card info to a site with more relaxed internal controls than Apple. Look at the Sony attacks for starters. I am also a little nervous about the security risks of jailbreaking.

That said, I travel enough internationally that an unlocked phone is a must. Buying unlocked but still paying the same rates for a subsidized device is almost as criminal as the roaming rates the telcos charge.

And the one to blame is Adobe because....


Ah, yes, because the program exploited is a program developed by Adobe, using libraries done by Adobe, used in a device designed and built by Adobe.

Righy?

If that's true, Jobs must be very noisy now.

This is actually some pretty impressive work by comex and others. It's a userland jailbreak (ie. much less complicated) that covers so many devices including the previously impervious iPad 2.

Technically, I think the jailbreak community keeps Apple on its toes.

Apple locked down the iPad 2 pretty hard following all the previous jailbreak exploits.

By releasing this jailbreak now along with the patch, they've pretty much ensured Apple will close the hole as iOS 5 is released and make the iPad 2 even more secure.

Piracy is unfortunate, I buy all my apps including LockInfo and DisplayOut from Cydia, even though, yes, the cracked versions of Cydia apps are also available.

Hackers gonna hack, pirates gonna pirate.

With iOS 5 closing this jailbreak and having the features you had to jailbreak to get, iOS will only get better and will encourage more legitimate purchasing of apps.

Also, with Apple finally selling a fully unlocked iPhone 4 in the US, and increasing this avenue around the world, the need to jailbreak to carrier unlock will be diminished.

With my iPad 2 right now having full mirroring, I can't think of any need to jailbreak it. As for my iPhone 4, LockInfo and DisplayOut is still important, as is of course the essential SBSettings. Once you use SBSettings it is hard to go back. It's very convenient.

A program reading a document in a format defined by Adobe, a format which has a long history of security problems across multiple platforms and multiple readers

http://en.wikipedia.org/wiki/PDF#Viruses_and_exploits

Sometimes I wonder if the acronym really stands for Payload Deployment Format.

Although there is less of a need now for JB, I would do it in a minute if I could get an important feature that has been available on many dumbphones for years: the ability to record both sides of a conversation. Several European countries will make this compulsory for business transactions soon, e.g.:

"In November, Britains Financial Services Authority (FSA) will roll out legislation requiring all financial services companies to record their mobile phone and text correspondence. Similar legislation has been enacted across other European states, most recently in Norway, under the umbrella of the EU Markets in Financial Instruments Directive (MiFID)."

See: http://www.growingbusiness.co.uk/com...nvestment.html

Blaming Adobe for the vulnerability of Reader App on iOS is like blaming W3C for a vulnerability on Safari Browser

you actually think Jay Freeman and company have not made tens of thousands of dollars ensuring cydia is always available, you are crazy.

deleted

deleted

Can you link even one post within the past two years where someone said the notification system is fine. Even the biggest iPhone fans have been fairly universal in their dislike of the current notification system...

Does not work on my 4.33 3GS, will not even try on my iPad. I just wanted to see if it actually works. Did any of the sites promoting/discussing this even bother to try it and test their claims...

So, what - slow news day today?

Seriously, there is nothing wrong with jailbreaking - I don't do it on my regular devices because I need their reliability and security for my work (SOX, etc requirements) and company policy expressly disallows jailbroken devices.

But you who decry jailbreaking are silly buggers who could well be accused of unctuous self-righteousness in the extreme. And worse those jailbreakers on here who are busy writing scathing responses look even sillier!

Obviously jailbreaking has its uses, and its a lot more secure and easier to do than before. If the jailbreaking community would spend less time opining about their David and Goliath relationship to Apple ( the scale is all wrong, but its the best example) and just enjoy the vissitudes of the erstwhile freedom you gain in doing it, you would be far better off than burning precious minutes of your day retorting to the occasional idiocy that rears it's head on a regular basis here.

The actual active jailbreaking community (as opposed to those many who are simply utilitarian incidental breakers) is a tiny fraction of the iOS user base. Surely you realize that. And don't bother to go on about "well all the people <I> know have jailbroken phones" or "there are millions of jailbroken phone on T-Mobile". Those numbers, while impressive and significant to you are not impressive and significant in the market at large - no matter how much you wish it to be so. And its OK.

Everyone keep your toys in your sandboxes and stop throw sand at each other. Apple uses input and feedback from a wide range of sources (including jailbreaking sites and blogs, for example) to review their security and feature strategy, among others. There is a reason why Apple is Apple and well you , are you. When you can stand your company up toe-to-toe with Apple and deliver as many products across the range of users they have to support, you then have bragging rights. Until then everyone is entitled to an opinion. And all opinions are NOT created equal.

Peace.

Those were generally buffer overruns and also generally limited to a few platforms - PDF includes javascript and so it's far more intrinsically insecure. They were not issues intrinsic to the file format, they were issues with PHP and the like that could be exploited with the file format - there is a difference. The JPG case was in fact a traditional exe virus that used JPGs to distribute payload.


There's a distinction between display-PDF which is intrinsic to the OS and regular PDF which is not. I've not heard of any security issues with display PDF, any more than I've heard of significant security problems with Postscript.

If the security problems are endemic to all the readers then it's fair to blame the standard. In this case it wouldn't be W3C because they never took responsibility for Javascript. Javascript is an abomination born from Netscape & Microsoft, with a side order of Sun, it's introduced security problems ever since it was created.

Adobe's inclusion of JS in PDF was completely unnecessary, so in this context I blame them.

http://www.adobe.com/support/security/#readerwin

Compare that to how many security problems Postscript suffered.

Apple decided to make their own reader for PDF and make it system wide. They are the ones responsible for maintaining security. PDF is just a document no different than a Word document which Apple's Pages can also read to some extent. Acrobat files can contain all kinds of data just like Word files can contain Active X. The programmer of the reader software decides which types of data to read and which to ignore. If you decide to read a certain type of data within the file then you assume the responsibility of maintaining the security of that part of the interaction with the document. In this case Apple accepted the data, read it and interacted with it. When they update the OS they will fix that oversight.

Oh there's no doubt that it's Apple's problem, the point is that it's courtesy of Adobe.


We're not talking about attachments here that can be exported to other programs that have security issues. We're not even talking about substreams that link to other applications over some sort of object model - we're talking about an intrinsic part of the file format. Completely different deal.


This is intrinsic to the data format, you can't leave it out and still claim to be a conformant PDF reader.

deleted

Of course you can. An Acrobat file can contain stickies, movies, Flash, links, even web conference connections, forms, etc. Apple does not read anything except the layout. None of the advanced features are included in their reader. Yet they included enough to get themselves into trouble. Just like last time it is probably a font exploitation since fonts are linked to the core system services.

deleted

deleted

Worked on my iPad 2 WiFi 16GB. Tried it last night. Virtually instantaneous jailbreak. Since the iPad 2 has display mirroring already, all I did was change the lockscreen and system fonts (using the free Bytafont app on Cydia). It's like an OS upgrade, having my favourite non-Apple-supplied fonts back on my iPad 2, I liked those fonts on my jailbreaked iPad 1.

Small suggestion, just check the official Dev Team blog for possible solutions to why it didn't work on your 3GS.

Not all paid apps go through Jay Freeman. Some accept paypal. Had you known anything about jailbreaking and the Cydia store you'd know that. Not using the Cydia storefront doesn't mean that only 5% pay for Cydia apps.

Jay Freeman uses Amazon for payments, others use PayPal, and Jay issues refunds on a regular basis for shitty apps and devs that provide bad support even though he doesn't write the apps. I've had two refunds (7$ and 2$) for apps made by one developer that lied about support and then released a broken update after those apps were out for about a year. You aren't giving your credit card info to anyone that can steal it, it goes through Amazon or PayPal. You have a problem it's covered through them and Jay is extremely nice and responds to problems very quickly.

As for security problems of jailbreaking, there aren't any. OpenSSH isn't installed by default hasn't happened for a very long time and if you choose to install it (just like anything you install on any computer or device) the packages has a popup that warns you sternly to change the SSH password ASAP. 10 second google search will tell you exactly how and SSH is as secure as it's password. Amazingly Apple hasn't changed the default SSH password since the beginning.

The attacks that were so stupidly overblown about people hacking into iPhones and changing the background were so devoid of actual facts it was infuriating. For one it only occured on iPhones that the end users chose to install OpenSSH and ignore the many, many warnings about changing the password. No more severe than not setting a strong password on anything else. Secondly the way it was done cannot happen here in the US. The attacks were through the data address their carriers assigned to that phone on it's data plan. They just hit a huge range of those data IPs to see what came up. US carriers don't allow anyone to SSH through that data IP so it was never a threat here. The past few jailbreaks have fixed the very hole they exploited immediately, meaning that a jailbroken phone is more secure than a non-jailbroken phone.

All this fear mongering about security issues on jailbroken iOS devices and not once has anything happened. Not once. Besides, every member of the Dev Team, Chronic Dev Team, @comex, @chpwn and so on are well known in that community, real names and all, that to do something that would steal info and so on would be really stupid anyway. When someone that says there is security issues with jailbroken iOS devices I always ask them for a specific example that jailbreaking has stolen their info/something of value and then ask how many apps have been removed from the official App Store has done the same. The usual answer is something completely false, them trying to bullshit their way through the question, or a blatant 'I don't know of any but that's what people say.' There is no less security with a jailbroken iOS device than there is without it. Alot of the time it's more secure.

How do they not have lives? This is some extremely hard work that takes someone that has a very good understanding of computer science and lots of specialized skill. This isn't the only work that comex has done, he works on a wide range of systems. Very well known security expert Charlie Miller has commended this as being very well done and extremely impressive, noting the huge amount of skill and very good knowledge it takes to do this. I'd say that you have neither a life or the intelligence to see exactly what's been done here, not just a jailbreak of iOS but someone out there is very skilled at this and asks for absolutely nothing in return. Unlike 'hackers' like the ones in LulzSec and anonymous, these guys aren't doing it for money, fame, or revenge. They are doing it because they love the devices they own and want others to use them to their full potential. I for one really appreciate this effort because it allows me to unlock a phone I paid full price for, that alone is reason enough to give them an attaboy.

Any problems you might have could be very simple to fix. It appears that you didn't actually try because there are over 1 million people that have had success so I seriously doubt you 'just tried it out to see of it was possible.' It IS possible, you just didn't actually try because it's actually quite easy to do. The easiest jailbreak ever done in fact.