Apple says iOS update coming to fix new PDF exploit

Posted:
in iPhone edited January 2014
A new browser-based hack that allows users to wirelessly ?jailbreak? their iPhone, iPod touch or iPad has led to fresh concerns over the security of the iOS platform, while Apple has promised that a fix will arrive soon.



The latest version of JailbreakMe.com was released Wednesday by the iOS hacking group Dev-Team. According to the site, users can "just browse to http://www.jailbreakme.com on [their] device and install it from there." The hack resembles an earlier version of JailBreakMe that arrived last year.



But, security researchers worry that the vulnerability could allow hackers to install malware when a user clicks on a malicious PDF.



"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," security expert Charlie Miller said. He notes that ?this is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a technique developed by the Cupertino-based company to obstruct various attacks.



Apple has responded to the concerns via spokeswoman Trudy Millar, who said: "Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update.?



Jailbreaking an iOS device allows the installation of third-party apps outside of the App Store and is often used for carrier unlocks for the iPhone, though the process does void Apple?s warranty. Last year, the U.S. government declared jailbreaking and unlocking legal, though Apple is not obligated to support modified devices.



Those who are currently running jailbroken devices can fix the flaw by downloading the latest ?PDF Patcher 2? software released by the Dev-Team on the Cydia store for unsanctioned apps, while those with non-jailbroken devices will have to wait for Apple to release a fix. Last year, it took Apple nine days to release an update that solved the PDF exploit.
«1

Comments

  • Reply 1 of 30
    Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!



    http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver
  • Reply 2 of 30
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Darkstar2007 View Post


    Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!



    http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver



    Don't forget to grab the exploit patch from Cydia.
  • Reply 3 of 30
    funkdisfunkdis Posts: 41member
    So apple closed one pdf exploit and left another open?. i thought they would have learned their lesson the first time around with pdf exploits.



    but good for me, hopefully ill be able to unlock my ip4
  • Reply 4 of 30
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by Darkstar2007 View Post


    Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!



    http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver



    Quote:
    Originally Posted by solipsism View Post


    Don't forget to grab the exploit patch from Cydia.



    Tried it last night on my iPad 2 16GB WiFi. Virtually instant jailbreak. Patched with PDF Patcher 2 from Cydia. First thing I did was to put some of my favourite non-Apple-supplied fonts onto the iPad 2 (using the free Bytafont app on Cydia). Fun.
  • Reply 5 of 30
    Quote:
    Originally Posted by solipsism View Post


    Don't forget to grab the exploit patch from Cydia.





    I forgot about that. Thanks for the reminder! I was overwhelmed by all the extra stuff you can do
  • Reply 6 of 30
    nvidia2008nvidia2008 Posts: 9,262member
    Everyone note that like the previous jailbreak DRM'ed iBooks is also broken on this jailbreak... Well, can't have everything.
  • Reply 7 of 30
    mac.worldmac.world Posts: 340member
    Thanks Apple, but your services are no longer needed. The Dev team took care of the jb AND plugged the hole. Movealong. Nothing to see here.



    END OF LINE
  • Reply 8 of 30
    aiaddictaiaddict Posts: 487member
    More incompetence from Apple. They desperately needed the over the air incremental updates from iOS5 about 3 years ago. Major security holes should not takes days or weeks to patch, and they certainly should not be patched by the hacking community well before Apple gets around to it.



    Oh well, thanks to the Dev-Team for looking out for us while Apple sits on their hands, yet again.
  • Reply 9 of 30
    Gloat while you can, barely literate peasants.



    Keep it up...



    Who smiles in the end?
  • Reply 10 of 30
    aiaddictaiaddict Posts: 487member
    Quote:
    Originally Posted by airmanchairman View Post


    Gloat while you can, barely literate peasants.



    Keep it up...



    Who smiles in the end?





    Does acting like an idiot help you feel like less of a loser? Anyone with half a brain can figure out that this is a MAJOR security flaw and that Apple did not identify it or address it in a timely manner. Heck they still have not released a patch but we hope they will someday soon. It doesn't even take half a brain to figure out this has happened before multiple times. Since you don't seem to get it, I must assume you have very little brain function.



    Go ahead and attack others literacy and social status if it makes you feel better about yourself, but I assure you, no one but you is impressed.
  • Reply 11 of 30
    Quote:
    Originally Posted by airmanchairman View Post


    Gloat while you can, barely literate peasants.



    Keep it up...



    Who smiles in the end?



    Sweet.



    Quote:
    Originally Posted by AIaddict View Post


    Does acting like an idiot help you feel like less of a loser? Anyone with half a brain can figure out that this is a MAJOR security flaw and that Apple did not identify it or address it in a timely manner. Heck they still have not released a patch but we hope they will someday soon. It doesn't even take half a brain to figure out this has happened before multiple times. Since you don't seem to get it, I must assume you have very little brain function.



    Go ahead and attack others literacy and social status if it makes you feel better about yourself, but I assure you, no one but you is impressed.



    The same as above p. (level)



    Just because there is an exploit does not mean Apple is lazy or incompetence. Some things are just unknown until it get discovered. That is just our life. Surely if the dev-team work at Apple they would identify it with Apple and not in the opposition to them. I dont think they would (working at Apple).
  • Reply 12 of 30
    tallest skiltallest skil Posts: 43,399member
    Quote:
    Originally Posted by nvidia2008 View Post


    Everyone note that like the previous jailbreak DRM'ed iBooks is also broken on this jailbreak... Well, can't have everything.



    Since the jailbreak is tethered, if you reboot the device, you can get iBooks back.



    In that state, you lose Safari, though.



    Quote:
    Originally Posted by Mac.World View Post


    Thanks Apple, but your services are no longer needed. The Dev team took care of the jb AND plugged the hole. Movealong. Nothing to see here.



    END OF LINE



    Riddle me this, Mac.World: How do you expect to jailbreak the release version of iOS 5 at all since Apple is patching the hole? You act as though the jailbreakers have actually done something good. Or something at all. They haven't.
  • Reply 13 of 30
    hill60hill60 Posts: 6,992member
    It's interesting that the source you install once jailbroken, that deals in pirated Apps has a message saying they can't keep up with demand since this exploit was released.



    Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.
  • Reply 14 of 30
    tallest skiltallest skil Posts: 43,399member
    Quote:
    Originally Posted by hill60 View Post


    Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.



    I've never seen a single person say that. Get over yourself.



    What I HAVE seen is people saying that jailbreaking isn't EXCLUSIVELY used for piracy, which is true.
  • Reply 15 of 30
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by hill60 View Post


    Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.



    Where has that ever been posted?
  • Reply 16 of 30
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by hill60 View Post


    Of course the apologists will probably start chiming in about how jailbreaking is never used for piracy.



    Where has that ever been posted?
  • Reply 17 of 30
    macrulezmacrulez Posts: 2,455member
    deleted
  • Reply 18 of 30
    eye forgeteye forget Posts: 154member
    Quote:
    Originally Posted by Tallest Skil View Post


    Since the jailbreak is tethered, if you reboot the device, you can get iBooks back.



    ?? It's untethered. Always has been.
  • Reply 19 of 30
    tallest skiltallest skil Posts: 43,399member
    Quote:
    Originally Posted by Eye Forget View Post


    ?? It's untethered. Always has been.



    Oh. Whoops. I'm talking about iOS 5 beta 2's jailbreak which behaves the same way as whatever this one does, apparently.
  • Reply 20 of 30
    hill60hill60 Posts: 6,992member
    Quote:
    Originally Posted by MacRulez View Post


    Straw man.



    Meanwhile:



    JailbreakMe.com 3.0 Surpasses 1 Million Jailbreaks in Under 24 Hours

    http://www.iphoneincanada.ca/jailbre...nder-24-hours/



    Pirates, overloading the pirated App servers.



    Quote:

    Tario70

    Posted Today, 04:53 AM

    If you ever get an error, like API unavailable, be sure to check a*******r.org to ensure it is up.



    I also received the API error & guess what, a********r.org is DOWN! Which means we all cannot download anything.



    I know it's been said a few times in this thread, but BE PATIENT. The servers are being hammered right now & the amount of traffic is killing the server.



    On a side note, perhaps a lot of people would benefit from using A******r & saving the IPA's that you download so that when a new jailbreak comes out you don't need to bombard a*******r/i******us for your apps. That's how I do it & that means I'm only hitting a********r/i*******us when an app has an update. It definitely could reduce the strain on the servers in the future.



    ~Tario70



    The pirates have been unleashed, well done Dev Team you are aiding and abetting thieves, in spite of the bulls**t disclaimer.



    Quote:

    tdb94

    \t

    Posted Today, 08:18 AM

    I think API error is due to traffic on i*******us, as far as invalid ipa, that just means that the file u downloaded was not cracked properly, try a different source and cracker. Not installing with a good .ipa could be related to just tapping on that file in dowloads after it's completed the download, unless u have the setting clicked to automatically install from the settings tab. If u click install automatically it will go on it's own after download, u also need to check off the sync with iTunes tab in settings as well if u want it to sync. Hope this helps.



    F**K THE STRAWMAN ARGUMENT, have a dose of reality.
Sign In or Register to comment.