Tuesday, August 3, 2010

New Safari Bug Being Used to Jailbreak iPhone 4

Via Threatpost.com -

A Web site set up to help iPhone users jailbreak their devices is using a flaw in the way that the iPhone handles PDF files to escape the phone's sandbox security function and enable users to load applications that aren't in Apple's official App Store. The same flaw could easily be used to install malicious software in drive-by download attacks, experts say.

The Jailbreakme.com site is designed to help users jailbreak their phones, which gives them the ability to circumvent Apple's process for approving iPhone apps and load apps from any source they choose. Such sites are not new, but the new service on Jailbreakme.com appears to use a previously unknown vulnerability in the iPhone. Initial reports indicated that the vulnerability was in the mobile version of Apple's Safari browser. But it now appears that the problem is in a component meant to be used for displaying PDFs.

The iPhone doesn't have a mobile version of the Adobe Reader software and instead reads PDF files natively. So the technique that Jailbreakme.com is using likely is exploiting a new bug in the iPhone itself, experts say. The iPhone has several security protections in place that are designed both to prevent malicious code from running on the device and also to stop users from loading unapproved apps on the phone.

Adobe security and privacy chief Brad Arkin said that the company does not have any evidence to indicate that Reader is involved in the exploit.


---------------------------------------------------------------------

http://www.f-secure.com/weblog/archives/00002002.html

The iOS drive-by jailbreak available at jailbreakme.com utilizes a PDF exploit. The PDF files, 20 of them, for various combinations of hardware/firmware, are located in a subdirectory off the root of the website.
----------------------------------------------------------------------

Adobe Security & Privacy Chief Brad Arkin said the following on twitter yesterday...
The jailbreakme PDF appears to exploit a flaw in mobile Safari. Quick testing indicates Adobe Reader 9.3.3 is not vulnerable.
----------------------------------------------------------------------

In a fun twist of faith, those users that have jailbroken their phones can install the "PDF Loading Warner" app from Cydia and help mitigate the vulnerability by canceling any PDF load.

No comments:

Post a Comment