Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple says iOS update coming to fix new PDF exploit

A new browser-based hack that allows users to wirelessly “jailbreak” their iPhone, iPod touch or iPad has led to fresh concerns over the security of the iOS platform, while Apple has promised that a fix will arrive soon.

The latest version of JailbreakMe.com was released Wednesday by the iOS hacking group Dev-Team. According to the site, users can "just browse to http://www.jailbreakme.com on [their] device and install it from there." The hack resembles an earlier version of JailBreakMe that arrived last year.

But, security researchers worry that the vulnerability could allow hackers to install malware when a user clicks on a malicious PDF.

"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," security expert Charlie Miller said. He notes that “this is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a technique developed by the Cupertino-based company to obstruct various attacks.

Apple has responded to the concerns via spokeswoman Trudy Millar, who said: "Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update.”

Jailbreaking an iOS device allows the installation of third-party apps outside of the App Store and is often used for carrier unlocks for the iPhone, though the process does void Apple’s warranty. Last year, the U.S. government declared jailbreaking and unlocking legal, though Apple is not obligated to support modified devices.

Those who are currently running jailbroken devices can fix the flaw by downloading the latest “PDF Patcher 2” software released by the Dev-Team on the Cydia store for unsanctioned apps, while those with non-jailbroken devices will have to wait for Apple to release a fix. Last year, it took Apple nine days to release an update that solved the PDF exploit.



30 Comments

darkstar2007 13 Years · 35 comments

Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!

http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver

solipsism 18 Years · 25701 comments

Quote:
Originally Posted by Darkstar2007

Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!

http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver

Don't forget to grab the exploit patch from Cydia.

funkdis 14 Years · 40 comments

So apple closed one pdf exploit and left another open?. i thought they would have learned their lesson the first time around with pdf exploits.

but good for me, hopefully ill be able to unlock my ip4

nvidia2008 17 Years · 9117 comments

Quote:
Originally Posted by Darkstar2007

Hell this jailbreak only took 30 secs on my iPhone 4 running 4.2.8. Running smooth too! I read on Cnet the jailbreakme website announced 1 million downloads had been reached in 24 hours. Pretty neat!

http://reviews.cnet.com/8301-19512_7...?tag=cnetRiver

Quote:
Originally Posted by solipsism

Don't forget to grab the exploit patch from Cydia.

Tried it last night on my iPad 2 16GB WiFi. Virtually instant jailbreak. Patched with PDF Patcher 2 from Cydia. First thing I did was to put some of my favourite non-Apple-supplied fonts onto the iPad 2 (using the free Bytafont app on Cydia). Fun.

darkstar2007 13 Years · 35 comments

Quote:
Originally Posted by solipsism

Don't forget to grab the exploit patch from Cydia.


I forgot about that. Thanks for the reminder! I was overwhelmed by all the extra stuff you can do