Apple says iOS update coming to fix new PDF exploit
A new browser-based hack that allows users to wirelessly "jailbreak" their iPhone, iPod touch or iPad has led to fresh concerns over the security of the iOS platform, while Apple has promised that a fix will arrive soon.
The latest version of JailbreakMe.com was released Wednesday by the iOS hacking group Dev-Team. According to the site, users can "just browse to http://www.jailbreakme.com on [their] device and install it from there." The hack resembles an earlier version of JailBreakMe that arrived last year.
But security researchers worry that the vulnerability could allow hackers to install malware when a user clicks on a malicious PDF.
"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," security expert Charlie Miller said. He notes that "this is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a technique developed by the Cupertino-based company to obstruct various attacks.
Apple has responded to the concerns via spokeswoman Trudy Millar, who said: "Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update."
Jailbreaking an iOS device allows the installation of third-party apps outside of the App Store and is often used for carrier unlocks for the iPhone, though the process does void Apple's warranty. Last year, the U.S. government declared jailbreaking and unlocking legal, though Apple is not obligated to support modified devices.
Those who are currently running jailbroken devices can fix the flaw by downloading the latest "PDF Patcher 2" software released by the Dev-Team on the Cydia store for unsanctioned apps, while those with non-jailbroken devices will have to wait for Apple to release a fix. Last year, it took Apple nine days to release an update that solved the PDF exploit.
Comments
http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver
Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!
http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver
Don't forget to grab the exploit patch from Cydia.
but good for me, hopefully I'll be able to unlock my ip4
Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!
http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver
Don't forget to grab the exploit patch from Cydia.
Tried it last night on my iPad 2 16GB WiFi. Virtually instant jailbreak. Patched with PDF Patcher 2 from Cydia. First thing I did was to put some of my favourite non-Apple-supplied fonts onto the iPad 2 (using the free Bytafont app on Cydia). Fun.
Don't forget to grab the exploit patch from Cydia.
I forgot about that. Thanks for the reminder! I was overwhelmed by all the extra stuff you can do
END OF LINE
Oh well, thanks to the Dev-Team for looking out for us while Apple sits on their hands, yet again.
Keep it up...
Who smiles in the end?
Gloat while you can, barely literate peasants.
Keep it up...
Who smiles in the end?
Does acting like an idiot help you feel like less of a loser? Anyone with half a brain can figure out that this is a MAJOR security flaw and that Apple did not identify it or address it in a timely manner. Heck they still have not released a patch but we hope they will someday soon. It doesn't even take half a brain to figure out this has happened before multiple times. Since you don't seem to get it, I must assume you have very little brain function.
Go ahead and attack others' literacy and social status if it makes you feel better about yourself, but I assure you, no one but you is impressed.
Gloat while you can, barely literate peasants.
Keep it up...
Who smiles in the end?
Sweet.
Does acting like an idiot help you feel like less of a loser? Anyone with half a brain can figure out that this is a MAJOR security flaw and that Apple did not identify it or address it in a timely manner. Heck they still have not released a patch but we hope they will someday soon. It doesn't even take half a brain to figure out this has happened before multiple times. Since you don't seem to get it, I must assume you have very little brain function.
Go ahead and attack others' literacy and social status if it makes you feel better about yourself, but I assure you, no one but you is impressed.
The same as above p. (level)
Just because there is an exploit does not mean Apple is lazy or incompetent. Some things are just unknown until they get discovered. That is just our life. Surely if the dev-team worked at Apple they would identify it with Apple and not in opposition to them. I don't think they would (working at Apple).
Everyone note that like the previous jailbreak DRM'ed iBooks is also broken on this jailbreak... Well, can't have everything.
Since the jailbreak is tethered, if you reboot the device, you can get iBooks back.
In that state, you lose Safari, though.
Thanks Apple, but your services are no longer needed. The Dev team took care of the jb AND plugged the hole. Move along. Nothing to see here.
END OF LINE
Riddle me this, Mac.World: How do you expect to jailbreak the release version of iOS 5 at all since Apple is patching the hole? You act as though the jailbreakers have actually done something good. Or something at all. They haven't.
Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.
Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.
I've never seen a single person say that. Get over yourself.
What I HAVE seen is people saying that jailbreaking isn't EXCLUSIVELY used for piracy, which is true.
Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.
Where has that ever been posted?
Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.
Where has that ever been posted?
Since the jailbreak is tethered, if you reboot the device, you can get iBooks back.
?? It's untethered. Always has been.
?? It's untethered. Always has been.
Oh. Whoops. I'm talking about iOS 5 beta 2's jailbreak which behaves the same way as whatever this one does, apparently.
Straw man.
Meanwhile:
JailbreakMe.com 3.0 Surpasses 1 Million Jailbreaks in Under 24 Hours
http://www.iphoneincanada.ca/jailbre...nder-24-hours/
Pirates, overloading the pirated App servers.
Tario70
Posted Today, 04:53 AM
If you ever get an error, like API unavailable, be sure to check a*******r.org to ensure it is up.
I also received the API error & guess what, a********r.org is DOWN! Which means we all cannot download anything.
I know it's been said a few times in this thread, but BE PATIENT. The servers are being hammered right now & the amount of traffic is killing the server.
On a side note, perhaps a lot of people would benefit from using A******r & saving the IPA's that you download so that when a new jailbreak comes out you don't need to bombard a*******r/i******us for your apps. That's how I do it & that means I'm only hitting a********r/i*******us when an app has an update. It definitely could reduce the strain on the servers in the future.
~Tario70
The pirates have been unleashed, well done Dev Team you are aiding and abetting thieves, in spite of the bulls**t disclaimer.
tdb94
Posted Today, 08:18 AM
I think API error is due to traffic on i*******us, as far as invalid ipa, that just means that the file u downloaded was not cracked properly, try a different source and cracker. Not installing with a good .ipa could be related to just tapping on that file in downloads after it's completed the download, unless u have the setting clicked to automatically install from the settings tab. If u click install automatically it will go on its own after download, u also need to check off the sync with iTunes tab in settings as well if u want it to sync. Hope this helps.
F**K THE STRAWMAN ARGUMENT, have a dose of reality.