PdfExploit
Latest
Apple iOS 4.3.4 software update may fix iPhone hole, block PDF jailbreak
Remember that PDF exploit from last year that JailbreakMe 2.0 was using to unlock your iPhone with just a few taps? Well, Apple patched it. And now it's apparently back. According to the Wall Street Journal, Apple acknowledged the exploit, and is working on an update at this very moment. In addition to the JailbreakMe 3.0 hack that came to light last week, the hole can also be used for some not-so-noble efforts, like grabbing your contacts database, accessing saved passwords, or activating your iPad or iPhone's built-in camera. And nobody wants that. For one reason or another, German authorities have taken the lead on encouraging Apple to investigate, and have also warned all users to avoid opening PDF docs from untrusted sources. And we're happy to echo that rather solid advice, given the implications. Ironically, JailbreakMe includes a patch for the very hole that allows it to function in the first place, so if you're terrified that rogue PDFs will take over your devices, that's an option to consider in the meantime.
iOS 4.0.2 for iPhone/iPod touch, iOS 3.2.2 updates available now
Within the last few minutes, iOS 4.0.2 for iPhone 3G, 3GS, 4, and iPod touch 2nd and 3rd generation (late 2009 models with 32 or 64 GB) has become available for download. In addition, the iPad has received an update to iOS 3.2.2. The updates fix a security vulnerability that was associated with viewing malicious PDF files. It doesn't appear that there are any fixes to any other issues (i.e., the proximity sensor glitch), but the fix to the PDF exploit insures that the iOS platform remains secure. For a security fix, the update is huge -- the iPhone update is 580MB in size and the iPad update is 457MB. For a look at more detailed information about what the updates patch, check out the iOS 4.0.2 Update description and the iOS 3.2.2 Update description on Apple's website.
Apple releases iOS 4.0.2 for iPhone and 3.2.2 for iPad, fixes PDF vulnerability
Bad news, jailbreakers: as promised, Apple's just released iOS 4.0.2 for the iPhone and 3.2.2 for the iPad, both of which close the PDF exploit used by JailbreakMe. That appears to be the only change -- it's definitely good news for anyone concerned about iOS security, although we're guessing the Dev Team is hard at work finding a new way to crack iOS open once again. We'll let you know if we find anything else -- won't you do the same?
Apple: PDF security hole fix is already ready to go
JailbreakMe brought root to the iPhone 4-wielding masses, but also unearthed a nasty exploit in a PDF font. Thankfully for the rooted and those who never intended to root, Cupertino claims it has already patched the hole. "We're aware of the reported issue, we have already developed a fix and it will be available to customers in an upcoming software update," an Apple spokeswoman told CNET. We're not sure exactly when it will arrive, but we'd lay odds on soon -- in the meantime, don't open any PDFs you don't trust, don't do anything illegal or immoral, and hit up Comex's hack ASAP if your heart's still set on that shiny new unlock. [Image Source: F-Secure]
JailbreakMe using PDF exploit to hack your iPhone, so could the baddies; Apple looking into reports
As with any jailbreak or rooting of a handset, "hacking" a phone OS is usually exactly that: exploiting a weakness to get unsigned code onto a device. That means that any other hacker, be they sufficiently nefarious, could use that same exploit to mess with your phone in the bad, not-installing-emulators-off-of-Cydia sense. Early iPhone jailbreaks (back when installing your own ringtones was a wild idea) took advantage of a TIFF exploit, the recent EVO 4G root found a hole in Flash Lite, and the JailbreakMe exploit is stuffing its code in a PDF font. Until Apple patches this exploit (when asked, Apple told us it was "aware of the reports and looking into them") we'd be extra careful about which PDFs we open -- there aren't any reports of malicious use so far, but with Safari's seamless handling of PDFs, it wouldn't be hard for some hacker to hide a potentially phone-invading PDF behind some harmless looking hyperlink. The iPhone devteam points out that this isn't the only known exploit for Safari on iOS, so there's no need to start hyperventilating about this particular one... unless it's a slow day at your mainstream media publication and you're looking for something to hyperventilate about. Oh, and are you looking for a surefire way to steer clear of PDFs? Cydia has a PDF loading warner that lets you skip PDFs your browser is trying to load on a case by case basis. Of course, you'll need to jailbreak your phone to use it. Ironic, right?
