How To Prevent Malicious Websites From Using Security Hole In iOS Used In JailbreakMe – Web-Based Jailbreak Method [Updated]

BY Jason

Published 2 Aug 2010

iPhone Warning

I’m sure everyone agrees that JailbreakMe 2.0 released by Comex yesterday is the easiest method to jailbreak iPhone.

Comex has managed to develop a web-based method by using a security hole in iOS 4, iOS 4.0.1 for iPhone and iPod Touch and iPhone OS 3.2, iOS 3.2.1 for iPad.

Here’s a brief description of how Comex has managed to jailbreak iOS using web-based method:

The jailbreak stuff saved as FlateDecode stream within that PDF file, and vulnerability occurs when Mobile Safari loaded the PDF file, letting iOS to parse the FlateDecode filter, and use the font file inside, then Kaboom.

Experts have raised concern that the security vulnerability in iOS could be exploited in a similar way by malicious websites to install malware.

It is important to note that the security hole has been around for quite sometime so it could have been used by malicious websites, its funny how the experts who were sleeping until now are blaming jailbreaking for exposing the security hole. In this particular situation, jailbreaking offers users a solution to prevent malicious websites from using the security hope in iOS.

If you’re concerned about the security hole then you can follow these steps if you’ve jailbroken your iPhone:

Update:

You can install PDF Loading warner – jailbreak app from Cydia (search for pdf and you should be able to find the jailbreak app), which is a lot easier than installing the .deb file mentioned below. Thanks everyone for the tip!


PDF Loading Warner

  • Download this .deb file from Will Strafach (@cdevwil) and open it on your your iPhone, iPad or iPod Touch using iFile, which is a file manager that can be installed using Cydia.
  • Navigate to /var/mobile and then double tap the .deb file to install it.

After installing the .deb file, you will get the following warning message if a website is automatically trying to open a PDF file:

“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”

If you don’t trust the website then tap on the ‘Cancel’ button or tap ‘Load’ button to continue.

As you can see, installing the .deb file does not patch the security loop hole but it does warn you against possible malicious attacks.

Based on the nature of the security loophole in iOS, it is widely speculated that Apple will fix it in iOS 4.1, which is currently in beta.

However, iPhone Dev Team and Comex don’t seem worried as chpwn recently tweeted:

You should know that there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them. No big de

So it looks like the cat and mouse game between Apple and the iPhone hacking community will continue, which means that iPhone jailbreakers and unlockers should avoid upgrading to iOS 4.1 when it is released. Users should wait for Comex or iPhone Dev Team to provide an update on how it impacts a jailbroken or unlocked iPhone.

Are you worried about the security hole or glad to be able to jailbreak your iPhone? Tell us in the comments.

[via MacStories]