The FlateDecode Hole: How JailbreakMe Gets Root


The simple, elegant JailbreakMe tool exploits a zero-day security hole in Mobile Safari to gain root access to the iOS kernel. The vulnerability, which involves a filter used with embedded files in PDF documents, could still be used by malicious hackers to attack any iOS device, not just jailbroken ones. However, until Apple fixes the hole, the only way to protect yourself is to jailbreak and install @cdevwill's PDF Loading Warner tweak. Tell your friends.

Ching-Lan Huang has a nice technical explanation of how the FlateDecode exploit works. Basically, the PDF file used for JailbreakMe contains a payload that is disguised as a Compact Font Format (CFF) file. FlateDecode, which is a lossless general-purpose filter for any data compressed with the zlib implementation of classic RFC 1951 deflate, uncompresses and loads the CFF file from the stream, which causes the font stack to overflow. As Huang describes it: "Kaboom." The payload then executes, jailbreaks your device, and loads Cydia.

Charlie Miller, who found a similar vulnerability in Mac OS X Safari, calls this exploit "very beautiful work," adding that it's "scary how it totally defeats Apple's security architecture." What can't be emphasized enough is that this is a door Apple left jammed open, not one that comex broke open. The hole was there from the beginning (which is why we call it a "zero-day" vulnerability), and it's still there now, on every iOS device, jailbroken or not. What the Dev-Team's Will Strafach (@cdevwill) put together is a simple tweak, PDF Loading Warner, that will detect when a PDF file is attempting to load arbitrary code. If you're on a trusted site, you can choose "Load," or otherwise tap "Cancel" and you're all good.
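The decode-then-parse chain described above (FlateDecode inflating a stream that turns out to be a CFF font program) is also what a defender can look for before a viewer ever parses the font. The following is an added example, not code from the article, from comex, or from the PDF Loading Warner tweak: a small Python triage script that walks a PDF's stream objects, inflates any /FlateDecode stream with zlib, and flags streams that either declare themselves as /Subtype /Type1C (the PDF subtype for an embedded CFF font program) or begin with a CFF header. The PDF builder and the FAKE_CFF bytes are constructed for the example; the parser assumes flat, unencrypted stream dictionaries and does not validate the font itself, so it is a triage heuristic, not a verdict.

```python
import re
import zlib

# Matches "N G obj << ... >> stream ... endstream". Assumes flat (non-nested)
# stream dictionaries, which is enough for the constructed sample below.
STREAM_RE = re.compile(
    rb"(\d+)\s+(\d+)\s+obj\s*<<([^>]*)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.DOTALL,
)


def looks_like_cff(data: bytes) -> bool:
    """CFF header (Adobe TN #5176): major=1, minor=0, hdrSize=4, offSize 1..4."""
    return (
        len(data) >= 4
        and data[0] == 1
        and data[1] == 0
        and data[2] == 4
        and 1 <= data[3] <= 4
    )


def inflate(data: bytes):
    """Inflate a FlateDecode stream; tolerate truncated input, return None if unusable."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        try:
            return zlib.decompressobj().decompress(data)
        except zlib.error:
            return None


def find_embedded_cff(pdf: bytes):
    """Return [(object number, [reasons])] for every stream that looks like a CFF font program."""
    findings = []
    for m in STREAM_RE.finditer(pdf):
        objnum, dictionary, raw = int(m.group(1)), m.group(3), m.group(4)
        reasons = []
        if re.search(rb"/Subtype\s*/Type1C\b", dictionary):
            reasons.append("dictionary declares /Subtype /Type1C (a CFF font program)")
        # Only inflate when the stream says it is deflate-compressed; otherwise inspect raw bytes.
        decoded = inflate(raw) if b"/FlateDecode" in dictionary else raw
        if decoded is not None and looks_like_cff(decoded):
            reasons.append("decoded stream starts with a CFF header")
        if reasons:
            findings.append((objnum, reasons))
    return findings


# --- constructed sample input (not a real font, not a real exploit) ---
FAKE_CFF = bytes([1, 0, 4, 1]) + b"\x00" * 60   # CFF header followed by padding
PLAIN_TEXT = b"hello world"


def build_sample_pdf(font_bytes: bytes, declare_subtype: bool) -> bytes:
    """Minimal hand-built PDF with one FlateDecode stream (object 2) and one plain stream (object 3)."""
    compressed = zlib.compress(font_bytes)
    subtype = b" /Subtype /Type1C" if declare_subtype else b""
    font_obj = (
        b"2 0 obj\n<< /Length %d /Filter /FlateDecode%s >>\nstream\n" % (len(compressed), subtype)
        + compressed + b"\nendstream\nendobj\n"
    )
    text_obj = (
        b"3 0 obj\n<< /Length %d >>\nstream\n" % len(PLAIN_TEXT)
        + PLAIN_TEXT + b"\nendstream\nendobj\n"
    )
    return b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" + font_obj + text_obj + b"%%EOF\n"


if __name__ == "__main__":
    for label, pdf in [
        ("declared CFF font", build_sample_pdf(FAKE_CFF, True)),
        ("undeclared (disguised) CFF", build_sample_pdf(FAKE_CFF, False)),
        ("plain text only", build_sample_pdf(PLAIN_TEXT, False)),
    ]:
        print(label, "->", find_embedded_cff(pdf))
```

The second sample matters most: a stream that hides a CFF program without declaring /Subtype /Type1C is still caught, because the check is on the inflated bytes rather than on what the dictionary claims. A real triage tool would also handle object streams, other filters and nested dictionaries, which this example deliberately leaves out.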

Good news/bad news: as @chpwn tweeted yesterday, "there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them." So it's "no big deal" if Apple fixes this one, because there are, apparently, enough holes in the system to allow future jailbreaks. Yikes. And Apple complains about jailbreaks causing "compromised security..."
This article was originally published in the forum thread "The FlateDecode Hole: How JailbreakMe Gets Root", started by Paul Daniel Ash.

Comments (83)

confucious:
No - you should be using Dev-Team Blog - Fixing what Apple won't now.

Joseph_Prophet:
Quote originally posted by andyharp:
    I'm confused. All this PDF warning app does is, every time you open a PDF, it says "hey, you're opening a PDF so watch out"; it does not actually look the PDF over for an exploit or anything. So once you've been told, why do we need an app to tell us every time we open a PDF???
    Don't get me wrong, I give credit to whoever discovered this exploit, but do I really need the app now that it is known??
A PDF can be loaded without your knowledge, as with jailbreakme.com, leaving you helpless against attacks by malicious hackers. The PDF patch prevents this.

confucious:
It was a good stopgap but the PDF Patch app in Cydia is better. Install it now if you haven't already!