JailbreakMe using PDF exploit to hack your iPhone, so could the baddies

August 3rd, 2010, 22:09 Posted By: wraggster



As with any jailbreak or rooting of a handset, "hacking" a phone OS is usually exactly that: exploiting a weakness to get unsigned code onto a device. That means that any other hacker, be they sufficiently nefarious, could use that same exploit to mess with your phone in the bad, not-installing-emulators-off-of-Cydia sense. Early iPhone jailbreaks (back when installing your own ringtones was a wild idea) took advantage of a TIFF exploit, the recent EVO 4G root found a hole in Flash Lite, and the JailbreakMe exploit is stuffing its code in a PDF font. Until Apple patches this exploit (when asked, Apple told us it was "aware of the reports and looking into them") we'd be extra careful about which PDFs we open -- there aren't any reports of malicious use so far, but with Safari's seamless handling of PDFs, it wouldn't be hard for some hacker to hide a potentially phone-invading PDF behind some harmless looking hyperlink. The iPhone devteam points out that this isn't the only known exploit for Safari on iOS, so there's no need to start hyperventilating about this particular one... unless it's a slow day at your mainstream media publication and you're looking for something to hyperventilate about.

Oh, and are you looking for a surefire way to steer clear of PDFs? Cydia has a PDF loading warner that lets you skip PDFs your browser is trying to load on a case by case basis. Of course, you'll need to jailbreak your phone to use it. Ironic, right?

http://www.engadget.com/2010/08/03/j...-so-could-the/

There are 0 comments - Join In and Discuss Here