PDF Vulnerability Exposed by JailbreakMe

The JailbreakMe website, which gives users a browser-based jailbreak for their iOS devices, is great for jailbreakers, but it works because of a vulnerability in iOS: the iPhone automatically downloads PDF files, and the developer, Comex, injected the jailbreak code into the FlateDecode stream section of the file.
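For anyone who wants to see what sits inside the FlateDecode streams of a PDF before opening it on a device, the following added example (not code from JailbreakMe, Comex or cdevwill) lists those streams and inflates them for inspection. It assumes streams can be located by scanning for the `obj` / `stream` / `endstream` keywords rather than by walking the cross-reference table, and the function names and the sample document are constructed for illustration.

```python
import re
import zlib

MAX_INFLATE = 1 << 20  # cap output so a decompression bomb cannot exhaust memory

# "N G obj << dict >> stream ... endstream"; the dictionary may not cross "endobj".
STREAM_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.S)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def flate_streams(pdf_bytes):
    """Return (object number, dictionary used #xx escapes, inflated bytes or None)
    for every stream object whose dictionary names the FlateDecode filter."""
    found = []
    for m in STREAM_RE.finditer(pdf_bytes):
        obj_num, dictionary, raw = m.groups()
        # PDF names may spell characters as #xx, e.g. /Fl#61teDecode; normalise first.
        plain = HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), dictionary)
        if b"/FlateDecode" not in plain:
            continue
        try:
            data = zlib.decompressobj().decompress(raw, MAX_INFLATE)
        except zlib.error:
            data = None  # not valid zlib data: corrupt or deliberately malformed
        found.append((int(obj_num), plain != dictionary, data))
    return found

def sample_pdf():
    """Constructed, harmless PDF fragment: one Flate stream, one plain stream."""
    payload = zlib.compress(b"BT /F1 12 Tf (constructed sample) Tj ET")
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(payload)).encode()
            + b" /Filter /Fl#61teDecode >>\nstream\n"
            + payload + b"\nendstream\nendobj\n"
            b"3 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n"
            b"%%EOF\n")

if __name__ == "__main__":
    for num, escaped, data in flate_streams(sample_pdf()):
        print(f"object {num}: escaped name={escaped}, inflated={data!r}")
```

A stream that reports `None` or a hex-escaped filter name is worth a closer look, since ordinary PDF generators produce neither.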

This is a clear problem for Apple and for non-jailbreakers. Why is it not a problem for jailbreakers? Well, once the device is jailbroken, you can patch the hole, to prevent malware from using the same trick to hack into your iPhone. The fix, or rather the workaround, comes from @cdevwill on Twitter on Monday.

cdevwill's change will present a user with a warning whenever a PDF file is about to be opened by iOS. This will prevent a malicious website from loading malware using a PDF file without the user's knowledge.

In fact, the fix should be on Cydia later today as "PDF Warning Loader." That should include everything you need to install the fix easily. If you can't wait, follow the instructions below (assuming you've already jailbroken your iPhone and installed OpenSSH from Cydia).

Download this .deb file. Place it in /var/mobile on your device.

Then, you need to open it on your device. On the Mac, you can use Terminal, as follows:
  • ssh root@<your IP address>
  • alpine (the default password for SSH; if you've changed it, use the new password)
  • dpkg -i file.deb

Your IP address is located under Settings > Wi-Fi > active Wi-Fi connection.

Using iFile: on your iPhone, simply navigate to /var/mobile and double tap on the .deb file to install it.

Once again, you can wait for the package to appear on Cydia. As we said, this is really just a safeguard and workaround: Apple will have to patch this security hole in a future update of iOS (which will also, naturally, close this jailbreak).

Via: Macstories

Inspector 4 years ago

So does this mean I should jailbreak my iPhone now? I was going to do it when that came out but didn't want to back up my iPhone because it takes forever... But seeing that a bug is in the system...

realneil 4 years ago

Should I buy an iPhone now and jailbreak it?


CDeeter 4 years ago

Is this the same vulnerability that AP News is referring to in the following article? Will the workaround possibly work for non-jailbroken phones?

Article follows.


Aug 4, 3:51 PM (ET)


BERLIN (AP) - Several versions of Apple's iPhone, iPad, and iPod Touch have potentially serious security problems, a German government agency said in an official warning Wednesday.

Apple's iOS operating system has "two critical weak points for which no patch exists," the Federal Office for Information Security said.

Opening a manipulated website or a PDF file could allow criminals to spy on passwords, planners, photos, text messages, e-mails and even listen in to phone conversations, the agency said in a statement.

"This allows potential attackers access to the complete system, including administrator rights," it added, urging users not to open PDF files on their mobile devices and only use trustworthy websites until Apple Inc. publishes a software update.

A spokesman for Apple in Germany, Georg Albrecht, told The Associated Press that the company is looking into the matter.

"We know these reports and are investigating them," he said, refusing to elaborate.

Although no attacks have been observed yet, they were likely to appear soon, the German agency said.

"It has to be expected that hackers will soon use the weak spots for attacks," it said, noting that the devices' popularity could lead to attacks within the corporate world - possibly facilitating industrial espionage.

The security loophole became obvious after reports about a successful hacking of Apple's iOS operating system emerged on Monday, a spokeswoman for the agency, Katrin Alberts, said.

"Since then, information used in this hack is publicly available and can be used to infect an iOS device simply by opening a specially crafted PDF file," she told the AP.

The application targeted in such an attack, Alberts noted, is not Adobe Systems Inc.'s Acrobat reader which allows users to view PDF files, but Apple's internal application for opening those files on its iOS devices.

"We decided to communicate this proactively because a potential attacker may gain access to the entire device," Alberts said.

The federal agency, based in Bonn, said it was in contact with Apple on the issue. The warning relates to iPhones using iOS versions 3.1.2-4.0.1, iPads using iOS 3.2-3.2.1 and iPods Touch using iOS 3.1.2-4.0.

The agency said it was possible but not clear whether older iOS or iPhone OS versions could also be affected.

With their mobile devices, users should not only stay clear of PDF files they get by e-mail, but also of those found via search engines, as they could be infected, Alberts said.

In the worst case, attackers could get hold of passwords, banking and other personal data. A user's contacts could also be used for sending spam e-mails, she said.

Any advice you can offer would really be appreciated.

