The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4.
The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.
The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.
The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.
Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.
The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.
This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.
Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.
73 Comments
Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.
Whenever I feel down I just think about these guys who REALLY don't have lives, and feel so much better.
Indeed. The reaction to this news on most sites I've seen this morning is either a yawn, or a "why would anyone jailbreak anymore?"
If jailbreaking isn't already on the wane, the rise of WebApps next year and the year after will put the last nail in the coffin. It will actually be better because it will go back to being something that a techie does for laughs instead of a mock business run by 17 year old asshats.
The new "jailbreakme" site also asks users: "Please don't use this for piracy."
Oh, Ok.... since you said "please".
It's becoming harder and harder to find a reason to jailbreak anymore (for me at least). It used to be that I had a ton of jailbreak applications that I would use because Apple hadn't bothered to implement the features yet. But Apple has slowly begun to add features that I previously found only on Cydia.
Now I still jailbreak on my iPhone 4, but only for MyWi and DataDeposit.
I'm glad that they were able to make a jailbreak for the iPad 2, but I see real little reason to jailbreak my iPad 2... and with iOS 5 coming, I REALLY won't need to jailbreak it all.
The significance here isn't that it's a jailbreak - it's that it's a web based rootkit. ie. this is a huge gaping hole in the iPhone's security model - and once again comes curtesy of the PDF reader.
The curse of Adobe strikes again!