The iOS 4 drive-by jailbreak released over the weekend uses a PDF exploit to weave its magic, according to an analysis by security researchers. The hack, developed by the iPhone Dev Team and available via jailbreakme.com, can be run directly on a device running iOS 4. Earlier tools required a software download that was run via …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 3rd August 2010 15:59 GMT Mad Jack

Easiest JB ever

Absolute breeze - don't even need a reboot. kudos to the sploit writers.

5 0
1. Tuesday 3rd August 2010 21:36 GMT Anonymous Coward
  
  Oooh the irony*
  
  "This is not an Adobe bug. It's an Apple bug," he added.
  
  So, if Apple weren't so dead set against letting Adobe put their software onto the iPhone, then maybe this flaw wouldn't be there to exploit in the first place?
  
  *yes I know that;s not the proper meaning of the word irony. Maybe I was being ironic?
  
  0 0
Tuesday 3rd August 2010 21:32 GMT Guido Esperanto

oh the irony

an apple jesus phone being jailbreaked by using non other than an Adobe product.

Would Adobe like to put a chalk mark on the board?

1 3
Tuesday 3rd August 2010 21:33 GMT JaitcH

From Jobs@Apple.com

This is simply another undocumented feature which we planned to activate in a future iOS upgrade.

As you might appreciate we have other pressing (no pun intended) matters to deal with.\

Jobs

2 0
1. Wednesday 4th August 2010 08:50 GMT Anonymous Coward
  
  If apple does make that announcement
  
  I wouldn't be surprised. After all, didn't the DMCA very recently been patched to legalize this?
  
  If Apple blocks this exploit or doesn't provide a way to jailbreak the phone, they'd be running against the DMCA.
  
  0 0
  1. Wednesday 4th August 2010 10:07 GMT Confuciousmobil
    
    I hope not!
    
    Rubbish!
    
    If Apple don't patch this security hole they are asking for trouble. I expect it to be patched VERY soon.
    
    Just because it is legal to JB does not mean Apple must leave security holes.
    
    At the moment the only way to protect yourself is to JB and install PDF Loading Warner from cydia. All non-JB phones are at risk of a malicious payload.
    
    JB now, make sure you have your blobs on file, install PDF Loading Warner and if necessary unlock your phone with UltraSn0w (now available for all 3G/3GS and iPhone 4s)
    
    1 0
2. Wednesday 4th August 2010 12:29 GMT ElNumbre
  
  Nah.
  
  More like "With the launch of the new iDF document format from Apple, we shall drop support for reading PDF documents because hardly anyone uses them, its an insecure format and isn't made in Cupertino".
  
  Wonder what odd's Betfred would offer me for such a launch at next years Apple conference?
  
  0 0
Tuesday 3rd August 2010 21:36 GMT Danington the Third

A Big thanks

to comex, for your great work, and for continuing to help make an already great platform open!

0 1
Tuesday 3rd August 2010 21:37 GMT halms

thanks

nothing is 100% secure. things like this will ensure more secure updates. dont stop hacking!

0 0
Tuesday 3rd August 2010 21:37 GMT Doshu

In-store demo JB

Absolutely priceless.

Cheers.

1 0
Tuesday 3rd August 2010 21:38 GMT Martin Lyne

Hah

Think it'll increase Jobs' love for Adobe? Pffht!

0 1
Tuesday 3rd August 2010 21:39 GMT Phil Rigby

@Easiest JB ever

Completely agree. Just did my iPod Touch (OS 4.0) while playing music, it didn't even flinch. Now Cydia is on the home screen. It just doesn't get any smoother.

2 0
Tuesday 3rd August 2010 21:39 GMT twunt

Spotted this yesterday

When the site was busy it was just serving up the list of pdfs - a different one for each model and firmware version.

0 0
Tuesday 3rd August 2010 21:45 GMT dave 93

Android for iphone?

Come on guys. The hardware is compatible, isn't it?

0 0
1. Wednesday 4th August 2010 13:18 GMT Chris Holt
  
  Re: android for iphone?
  
  You could just google for android on iphone...there are enough sites about it
  
  0 0
2. Wednesday 4th August 2010 13:34 GMT Kay Burley ate my hamster
  
  Bindun
  
  There is a project already, google is your friend for finding that...
  
  Although I'd rather not have to stick electrical tape to my phone...
  
  0 0
Tuesday 3rd August 2010 21:56 GMT CT

"It's unclear weather..."

Foggy is it?

0 0
Wednesday 4th August 2010 00:35 GMT famousringo

Sure hope this gets fixed soon.

Before somebody crafts a malicious site to install something not so benign on hapless iOS visitors.

1 1
1. Wednesday 4th August 2010 15:08 GMT Anonymous Coward
  
  Actually, I hope someone does so.
  
  It would finally bring down the Apple mythos that their platform is so perfect it is unable to get "malware" or "virus" or stuff like that. An exploit that big would be something that not even Jobs would be able to dismiss as a non-problem.
  
  0 0
Wednesday 4th August 2010 00:35 GMT Joerg

Apple hacks itself as usual and as all other manufacturers do...

..but people still buy the marketeers mantra that would be little computer wiz kids hacking and cracking DRM encrypted hardware and earning nothing out of it... like it was ever possible... Common people don't get how complex things are and how much it would cost to do any real reverse engineering. Unless secret agencies and militaries were behind any hacking or cracking thing... it's just a marketing stunt, manufacturers hack/crack themselves in order to sell more hardware, it's just as simple as that.

0 2
Wednesday 4th August 2010 00:36 GMT NightFox

Cloudy with a chance of exploits?

' "It's unclear weather this has any implications on other platforms," Hypponen writes '

Unclear weather - that sums up Summer so far.

0 0
Wednesday 4th August 2010 08:14 GMT Anonymous Coward

I'd nominate it...

Best white-hat hack of the year.

0 0
Wednesday 4th August 2010 08:50 GMT Bruce Hoult

gone by lunchtime

Kudos to the devteam for publicizing this bug.

You can depend on Apple to have a fix out by the end of the weekend, if not before.

Apple really don't care too much if you can jailbreak by modifying an OS image, installing it on a device you're holding in your hand (thus wiping all user data from it), and then restore user data from your last backup. There are no security implications.

But a remote root exploit is an entirely different beast and will not be tolerated.

1 0
Wednesday 4th August 2010 10:10 GMT Geoff Campbell

Oh *splendid*!

Made my day, that did. Excellent work!

GJC

0 0
Wednesday 4th August 2010 17:52 GMT Anonymous Coward

Hun ??

I wouldn't be surprised. After all, didn't the DMCA very recently been patched to legalize this?

If Apple blocks this exploit or doesn't provide a way to jailbreak the phone, they'd be running against the DMCA.

Did I fail English. Allowed does mean forced. Read the DMCA.

0 0