jailbreakme.com question and answer

F-Secure has posted a Q+A about the recent jailbreakme.com website and the PDF/kernel vulnerability it exploits in iOS.  It’s worth a read and can be found here: http://www.f-secure.com/weblog/archives/00002004.html

Of note:

  • Effects iOS, NOT just the iPhone (this means ipod, touch, and ipads are susceptible)
  • Combination of two vulnerabilities: one in PDF software and a kernel privilege escalation bug
  • This has nothing to do with Adobe.  PDF support in iOS is built by Apple.  Apple’s PDF implementation is bugged.  Foxit PDF reader has the same vulnerability.
  • This risk exists not only via web but also e-mail, sms, and mms.
  • Mitigation steps until Apple releases a patch?  You can try the third party PDF Warning Loader here: http://chronic-dev.org/blog/2010/08/pdf-loading-warner/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s