jailbreakme.com question and answer

Posted on 9-Aug-2010 by .

F-Secure has posted a Q+A about the recent jailbreakme.com website and the PDF/kernel vulnerability it exploits in iOS.  It’s worth a read and can be found here: http://www.f-secure.com/weblog/archives/00002004.html

Of note:

  • Effects iOS, NOT just the iPhone (this means ipod, touch, and ipads are susceptible)
  • Combination of two vulnerabilities: one in PDF software and a kernel privilege escalation bug
  • This has nothing to do with Adobe.  PDF support in iOS is built by Apple.  Apple’s PDF implementation is bugged.  Foxit PDF reader has the same vulnerability.
  • This risk exists not only via web but also e-mail, sms, and mms.
  • Mitigation steps until Apple releases a patch?  You can try the third party PDF Warning Loader here: http://chronic-dev.org/blog/2010/08/pdf-loading-warner/
This entry was posted in news. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>