Jailbreakme site utilizes PDF exploit in iOS


We reported on the return of browser-based yesterday. Today IT security guru F-Secure revealed just how the site is able to work.

The jailbreak method utilizes a PDF exploit found in the iOS software. Charlie Miller, with Independent Security Evaluators, tweeted, "Starting to get a handle on exploit. Very beautiful work. Scary how it totally defeats Apple's security architecture."

What the exploit does is take a PDF sitting in a subdirectory of, shown on the right, and bring it onto your device. PDF browsing is done through Safari, and the jailbreak exploits that weakness by using a corrupted font placed inside the PDF file to crash the Compact Font Format handler, which allows access to iOS.
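For defenders triaging fonts extracted from PDFs, the sketch below is an added example (not from F-Secure, Comex, or Apple) of the kind of bounds checking a Compact Font Format parser needs on its INDEX tables. The article does not say how the font was corrupted, so this covers only container-level structure; the names `read_index`, `validate_cff`, `GOOD` and `BAD` are hypothetical and the sample bytes are constructed.

```python
import struct

class CFFError(ValueError):
    """A CFF table is structurally malformed."""

def read_index(buf, pos):
    """Parse one CFF INDEX at pos; return (objects, offset just past it)."""
    if pos + 2 > len(buf):
        raise CFFError("truncated INDEX count")
    (count,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if count == 0:                      # an empty INDEX is only the count field
        return [], pos
    if pos >= len(buf) or not 1 <= buf[pos] <= 4:
        raise CFFError("bad INDEX offSize")
    size, pos = buf[pos], pos + 1
    end_table = pos + (count + 1) * size
    if end_table > len(buf):
        raise CFFError("offset array runs past end of font")
    offs = [int.from_bytes(buf[i:i + size], "big") for i in range(pos, end_table, size)]
    if offs[0] != 1 or any(b < a for a, b in zip(offs, offs[1:])):
        raise CFFError("offsets not 1-based and non-decreasing")
    base = end_table - 1                # offsets count from the byte before the data
    if base + offs[-1] > len(buf):
        raise CFFError("object data runs past end of font")
    return [buf[base + a:base + b] for a, b in zip(offs, offs[1:])], base + offs[-1]

def validate_cff(buf):
    """Walk header plus the four leading INDEXes; raise CFFError if any is unsound."""
    if len(buf) < 4:
        raise CFFError("truncated header")
    major, _minor, hdr_size, off_size = buf[:4]
    if major != 1 or not 4 <= hdr_size <= len(buf) or not 1 <= off_size <= 4:
        raise CFFError("bad header")
    pos, tables = hdr_size, {}
    for name in ("Name", "Top DICT", "String", "Global Subr"):
        tables[name], pos = read_index(buf, pos)
    return tables

# Constructed samples: a minimal well-formed table, and the same table with the
# Name INDEX end offset changed to point far beyond the data.
GOOD = (b"\x01\x00\x04\x01" + b"\x00\x01\x01\x01\x05Demo"
        + b"\x00\x01\x01\x01\x03\x8b\x0f" + b"\x00\x00" + b"\x00\x00")
BAD = GOOD.replace(b"\x05Demo", b"\xf0Demo")

if __name__ == "__main__":
    print(validate_cff(GOOD)["Name"])
    try:
        validate_cff(BAD)
    except CFFError as e:
        print("rejected:", e)
```

A font that passes these checks can still be malformed at deeper layers (DICT operands, charstrings), so treat this as a first filter rather than a verdict.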

iPhone devteam member chpwn told us today, "There are other (public) exploits in Safari, including some on Apple's website that are fixed in desktop Safari but not iOS. Therefore, the JailbreakMe exploit isn't really a big deal for security."

And even if it is, apparently there are other ways into the system. Comex, author of the exploit, sent a tweet yesterday saying, "Maybe I'll rely on USB based stuff for the next jailbreak so that Apple won't patch it so fast."
