Wednesday, 6 July 2011

JailbreakMe highlights just how vulnerable iOS users are


Earlier today, Comex released JailbreakMe 3.0, which jailbreaks any iPhone, iPad, or iPod touch running the latest version of iOS, 4.3.3. It’s an untethered jailbreak, too, meaning you only have to apply it once. The big news, though, is that JailbreakMe is astoundingly easy to use: you simply navigate to a website on your iOS device, click Install, and a few seconds later Cydia will appear. JailbreakMe, unlike Redsn0w and PwnageTool, is entirely web-based. It’s really rather genius: a foolproof tool that empowers the everyday Apple user.
But let’s step back a bit and look at the actual implications of this exploit – because ultimately, that’s what it is. JailbreakMe can jailbreak your iPad or iPhone from a website. Yes, in this current incarnation you have to click Install, but you could easily copy the JailbreakMe site and create a version that jailbreaks your iOS device without your consent. Now, what if you use the same exploit to install something else, like a backdoor Trojan or code to turn the device into a botnet zombie?

Believe it or not (this is golden), the exploit actually uses a vulnerability in iOS’s PDF reader. Yes, if you thought that Adobe’s infamous file type only afflicts Windows users, think again. JailbreakMe, using a specially-crafted PDF, somehow rewrites the bootloader on your iOS device. When you click Install, Safari fetches a PDF file, tries to open it, and summarily executes the jailbreak. Only Comex, the author of the tool, knows the exact exploit, but it’s probably a hole that allows the execution of arbitrary ARM opcodes. The terrifying thing is, as the exploit hasn’t been fully detailed, the same hole might also provide easy access to your photos, address book, browsing history, and more.
With JailbreakMe 3.0 now in the wild, it’s really just a matter of time until the exploit is reverse engineered and used for nefarious purposes — and yes, in case you were wondering, the latest beta version of iOS 5 is vulnerable to the same attack vector as well. It’s highly likely that Apple will move quickly to plug the hole with a quick release of iOS 4.3.4, but we’re talking about days or weeks until a potential fix is issued. Even then — and this is the main problem — many users will want to keep their devices on iOS 4.3.3 for the untethered jailbreak.
The ultimate irony, though, is that there’s actually a fix for the vulnerability: It’s called PDF Patcher 2, and you can only install it if your phone is jailbroken. So, if you’ve used JailbreakMe 3.0 to jailbreak your iOS device, and you want to make sure you’re safe from zero-day attacks, be sure to install PDF Patcher 2 from Cydia.
Read more at DevTeam.

R.
