JailbreakMe Utilizes PDF Exploit to Jailbreak Your iPhone

JailbreakMe, the latest jailbreak tool, is the first browser-based jailbreak tool. Unlike earlier jailbreak tools such as Spirit, Redsn0w and PwnageTool, it does not require you to download any software. All you need to do is point Mobile Safari to jailbreak.com, and the entire jailbreak process is done within the browser.

I believe many of you have jailbroken your iPhone using JailbreakMe. But you probably do not know what’s going on behind the “Slide to jailbreak” button.

How JailbreakMe works

As widely reported today, VUPEN, a security research company, identified a security flaw in PDF rendering that allows hackers to gain complete control of an iPhone. JailbreakMe takes advantage of this PDF exploit, found in iOS 4.0/4.0.1 and iPhone OS 3.1.x, to make a web-based jailbreak possible.

A security researcher from F-Secure Corporation found that the jailbreakme.com site includes 20 separate PDFs for different combinations of hardware and firmware. Depending on the iPhone model and the OS version, you download the corresponding PDF file from jailbreakme.com. The PDF file, which has a corrupted font embedded, triggers the PDF exploit that allows full access to the iPhone OS. Jailbreaking and installation of Cydia are the rest of the story.

How to Avoid PDF Attack

While the security flaw allows the iPhone Dev Team to develop JailbreakMe for iPhone jailbreaking, the bug can also be used by hackers for malicious purposes. Apple said they are aware of the exploit and are investigating the issue. However, as of now, there is no fix yet.

To protect your iPhone from this security flaw, an iPhone developer has developed a utility called “PDF Loading Warner” that displays a warning when Mobile Safari loads a PDF file from the Internet. It is not a patch for the PDF exploit. The tool is only intended to make you think twice before opening the PDF file.
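The kind of check such a warning relies on, as an added example that is not code from PDF Loading Warner or from this post: it decides whether a download is a PDF even when the server labels it otherwise, and raises the warning level when the file embeds a font program. The function name `assess_download`, the result fields and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens may hide characters as #xx hex escapes (e.g. /Font#46ile3).
_NAME = re.compile(rb"/((?:[^\s/<>\[\](){}%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_FONT_KEYS = {b"FontFile", b"FontFile2", b"FontFile3"}


def _names(data: bytes) -> set:
    """Return every PDF name found in the data, with #xx escapes decoded."""
    return {_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), n)
            for n in _NAME.findall(data)}


def assess_download(content_type: str, body: bytes) -> dict:
    """Classify a downloaded response for a 'warn before opening' prompt."""
    declared = content_type.split(";")[0].strip().lower() == "application/pdf"
    # Some readers accept the %PDF- header anywhere in the first 1024 bytes,
    # so a response can be a PDF even if the server labels it otherwise.
    sniffed = b"%PDF-" in body[:1024]
    result = {"is_pdf": declared or sniffed,
              "mislabelled": sniffed and not declared,
              "embedded_fonts": [], "opaque_objects": False, "level": "none"}
    if not result["is_pdf"]:
        return result
    names = _names(body)
    result["embedded_fonts"] = sorted(k.decode() for k in _FONT_KEYS & names)
    # Object streams are compressed, so font keys inside them are invisible
    # to this byte scan; treat that as "cannot rule out", not as "clean".
    result["opaque_objects"] = b"ObjStm" in names
    risky = result["embedded_fonts"] or result["opaque_objects"]
    result["level"] = "high" if risky else "warn"
    return result


# Constructed sample inputs (not real files from any site).
SAMPLE_FONT_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /FontDescriptor /FontName /Demo "
                   b"/Font#46ile3 2 0 R >>\nendobj\n%%EOF\n")
SAMPLE_PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLE_HTML = b"<html><body>hello</body></html>"

if __name__ == "__main__":
    for ctype, body in [("text/html", SAMPLE_FONT_PDF),
                        ("application/pdf", SAMPLE_PLAIN_PDF),
                        ("text/html", SAMPLE_HTML)]:
        print(ctype, assess_download(ctype, body))
```

Like the utility described above, this only informs the decision to open a file; it does not detect whether an embedded font is malformed.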

About Simon Ng

Founder, developer and chief blogger of simonblog.com


11 Responses to JailbreakMe Utilizes PDF Exploit to Jailbreak Your iPhone

  1. Joao August 5, 2010 at 3:25 am #

    Apple iPhone 4 32GB Unlocked | MainBids »
    mainbids.com/

  2. Grace August 12, 2010 at 1:35 pm #

    “In its ongoing commitment of providing safer, faster and more stable PDF software tools, Foxit is taking a proactive measure in securing its 100 million PDF Reader users against the iPhone/iPad Jailbreaking application that utilizes malicious PDFs to hack the systems of unsuspecting users. Hackers are now trying to use these malicious PDF’s to access sensitive data on desktops. Foxit welcomes all PDF Reader users to download the latest version of the Foxit Reader 4.1.1 which addresses and resolves the issues related to the jailbreak hack.

    To protect iPhone/iPad users from the jailbreak program that is being used to exploit iPhones in the way they handle PDFs, Foxit is preannouncing its soon to be submitted PDF Reader App for iPhone. Foxit believes that the upcoming release of its Foxit Reader for iPhone will provide a secure PDF reader for the iPhone. Foxit will be submitting this App within two weeks and it will have full PDF viewing capability. Just as with the Windows Reader, Foxit PDF Reader for iPhone will protect users against malicious PDFs.”

Trackbacks/Pingbacks

  1. Soniq.org Links » Don’t Upgrade to iOS 4.0.2 / 4.1 if You Need Jailbreaking - August 6, 2010

    [...] covered by CNet, Apple has already developed the fix to circumvent the PDF exploit, that is utilized by JailbreakMe. Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already [...]

  2. How To Pimp My iTouch » Blog Archive » Don’t Upgrade to iOS 4.0.2 / 4.1 if You Need Jailbreaking - August 6, 2010

    [...] covered by CNet, Apple has already developed the fix to circumvent the PDF exploit, that is utilized by JailbreakMe. Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have [...]

  3. Jaibreak and Pimp Your iTouch » Don’t Upgrade to iOS 4.0.2 / 4.1 if You Need Jailbreaking - August 6, 2010

    [...] covered by CNet, Apple has already developed the fix to circumvent the PDF exploit, that is utilized by JailbreakMe. Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have [...]

  4. Don’t Upgrade to iOS 4.0.2 / 4.1 if You Need Jailbreaking « Geejenkins's Blog - August 8, 2010

    [...] covered by CNet, Apple has already developed the fix to circumvent the PDF exploit, that is utilized by JailbreakMe. Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have [...]

  5. Why Does JailbreakMe Work as a Jailbreak? Problems and Countermeasures - Jailbreakers.Info - August 11, 2010

    [...] utilizes PDF exploit to Jailbreak your iPhone” http://www.simonblog.com/2010/08/05/jailbreakme-utilizes-pdf-exploit-to-jailbreak-your-iphone/ [...]

  6. Don’t Upgrade to iOS 4.0.2 / 4.1 if You Need Jailbreaking « Rosiechenzy's Blog - August 12, 2010

    [...] covered by CNet, Apple has already developed the fix to circumvent the PDF exploit, that is utilized by JailbreakMe. Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have [...]

  7. Apple Releases iOS 4.0.2 for iPhone and iOS 3.2.2 for iPad to Patch PDF Exploit | Best Ways To Pimp Your Apple iTouch - August 14, 2010

    [...] a week after the PDF exploit was uncovered, Apple releases iOS 4.0.2 to patch the [...]

  8. Apple Releases iOS 4.0.2 for iPhone and iOS 3.2.2 for iPad to Patch PDF Exploit « Rosiechenzy's Blog - August 19, 2010

    [...] a week after the PDF exploit was uncovered, Apple releases iOS 4.0.2 to patch the [...]

  9. Best Deals On iPhone » An Update about iOS 4.1 Jailbreaking - September 15, 2010

    [...] the earlier PDF exploit that was used by JailbreakMe, there is no easy way for Apple to patch this bootrom-based exploit. [...]
