Thursday, August 5, 2010

JailbreakMe Utilizes PDF Exploit to Jailbreak Your iPhone

JailbreakMe Utilizes PDF Exploit to Jailbreak Your iPhone
JailbreakMe, the latest version of jailbreak tool, is the first browser-based jailbreak tool. Unlike the earlier jailbreak tools such as Spirit, Redsn0w and PwnageTool, you are not required to download any software for the jailbreak. All you need to is to point the Mobile Safari to jailbreak.com and the entire jailbreak process is done within [...]



JailbreakMe, the latest version of jailbreak tool, is the first browser-based jailbreak tool. Unlike the earlier jailbreak tools such as Spirit, Redsn0w and PwnageTool, you are not required to download any software for the jailbreak. All you need to is to point the Mobile Safari to jailbreak.com and the entire jailbreak process is done within the browser.

I believe many of you have jailbroken your iPhone using JailbreakMe. But you probably do not know what’s going on behind the “Slide to jailbreak” button.

How JailbreakMe works

As widely reported today, VUPEN, a security research company, identified the security flaw in PDF rendering that allows hackers to gain complete control of iPhone. The JailbreakMe actually takes advantage of this PDF exploit found on iOS 4.0/4.0.1 and iPhone OS 3.1.x to make web-based jailbreak possible.

Security researcher from F-Secure Corporation found that the jailbreakme.com site includes 20 separate PDFs for different combinations of hardware and firmware. Depending on the model of iPhone and the OS version, you will download the corresponding PDF file from jailbreakme.com. The PDF file with a corrupted font embedded triggers the PDF exploit that allows full access to the iPhone OS. Jailbreaking and installation of Cydia are the rest of the story.

How to Avoid PDF Attack

While the security flaw allows iPhone Dev team to develop JailbreakMe for iPhone jailbreaking, the bug can also be used by hackers for malicious purposes. Apple said they are aware of the exploit and investigating the issue. However, as of now, there is no fix yet.

To avoid your iPhone from this security flaw, an iPhone developer has developed a utility called “PDF Loading Warner” that displays a warning when mobile Safari loads PDF file from the Internet. It is not a patch for the PDF exploit. The tool is just intended to give you a second thought before opening the PDF file.





Olivia Wilde
Megan Fox
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)