JailBreakMe and vulnerability waiting to be exploited

iPhone users jailbroke their iPhones to circumvent any blocking by the original IOS firmware, and allow them to have more control over the phone, with regards to software installation and so on. I have a friend who jailbreak his phone, and it look tedious. I dont really know, because I dont have an iPhone.

Jailbreaking becomes much easier now. You just need to browse through the site, some clicks, and your iPhone were jailbroken. What jailbreakme.com did is kind of a drive-by exploitation, a technique malware writers used to infect with malware/virus, by exploiting vulnerability in the browser by viewing a PDF file. In this case, jailbreakme.com used the exploit code to exploit a vulnerability in PDF reader in iDevices, to jailbreak the device. @comex found the vulnerability, and use it in jailbreakme.com. And actually, at the time when this article was written, the PDF files can be found here. http://www.jailbreakme.com/saffron/_/

For whatever purpose you want to jailbreak your iPhone, I don’t care. But the issue arises as it is really EXPLOITING a vulnerability in your iPhone device. Practically, not just iPhone, but iPad and iPod. It means, your iDevice might still have this vulnerability which is exploitable. What does it mean by exploitable? It means someone can execute a malicious code, some people might understand as “hacking into” your iDevices, to do anything that they want, without your authorization.

Apple have announced that the patch will be available in the next update, which leave your iPhone hackable or exploitable in the mean time. Jailbroken iDevices by jailbreakme.com can download additional patch to patch the vulnerability, called PDF patch 2. But for virgin IDevice, you remains vulnerable until the next update.

The PDF file used by jailbreakme.com is available for public access, at http://www.jailbreakme.com/saffron/_/. There are rumors that someone have started writing malicious code to exploit this vulnerability, and it is on its way now.

I found a few articles which gives an insight on security in mobile devices, and currently pointing to the few who conquer the mobile device market share currently. Security Showdown: Android Vs. iOS and by ThreatPost, New iPhone Jailbreak Make Short Work of World’s ‘most secure’ OS

Additional note:
IOS Hardening Configuration Guide, by Australia Government, Department of Defense

Leave a Reply

Your email address will not be published. Required fields are marked *