The FlateDecode Hole: How JailbreakMe Gets Root


    The simple, elegant JailbreakMe tool exploits a zero-day security hole in Mobile Safari to gain root access to the iOS kernel. The vulnerability, which involves a filter used with embedded files in PDF documents, could still be used by malicious hackers to attack any iOS device, not just jailbroken ones. However, until Apple fixes the hole, the only way to protect yourself is to jailbreak and install @cdevwill's PDF Loading Warner tweak. Tell your friends.

    Ching-Lan Huang has a nice technical explanation of how the FlateDecode exploit works. Basically, the PDF file used for JailbreakMe contains a payload that is disguised as a Compact Font Format (CFF) file. FlateDecode - which is a lossless general purpose filter for any data compressed with the zlib implementation of classic RFC1951 deflate - uncompresses and loads the CFF file from the stream, which causes the font stack to overflow. As Huang describes it: "Kaboom." The payload then executes, jailbreaks your device, and loads Cydia.
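    As an added example (not code from the article, from comex, or from the PDF Loading Warner tweak), the following Python scanner does offline what the tweak does on the device: it walks a PDF's indirect objects, inflates every FlateDecode stream with a size bound, and flags the ones that decode to a CFF font. The PDF bytes are constructed here for illustration; the parser assumes a plain PDF without object streams or cross-reference streams.

```python
import re
import zlib

# Constructed sample data (not the JailbreakMe PDF): one FlateDecode stream that
# inflates to bytes starting with a CFF header (major 1, minor 0, hdrSize 4, offSize 1),
# plus one ordinary uncompressed stream that must not be flagged.
CFF_HEADER = bytes([1, 0, 4, 1])
SAMPLE_FONT_BODY = CFF_HEADER + b"\x00\x01\x01\x01" + b"A" * 64   # 72 bytes
SAMPLE_DEFLATED = zlib.compress(SAMPLE_FONT_BODY)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /FontDescriptor /FontName /Sample /FontFile3 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Subtype /Type1C /Filter /FlateDecode /Length "
    + str(len(SAMPLE_DEFLATED)).encode() + b" >>\nstream\n"
    + SAMPLE_DEFLATED + b"\nendstream\nendobj\n"
    b"4 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n"
    b"%%EOF\n"
)

# Matches "<num> <gen> obj << dict >> stream ... endstream" inside one object chunk.
STREAM_RE = re.compile(rb"(\d+)\s+\d+\s+obj\s*<<(.*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)


def find_flate_cff_streams(pdf: bytes, max_inflated: int = 8 * 1024 * 1024):
    """Return [(object number, inflated length)] for each FlateDecode stream whose
    decoded bytes look like a CFF font; length -1 marks undecodable deflate data.
    Simplifying assumption: no object streams or cross-reference streams."""
    hits = []
    for chunk in pdf.split(b"endobj"):          # one indirect object per chunk
        m = STREAM_RE.search(chunk)
        if not m or b"/FlateDecode" not in m.group(2):
            continue
        objnum, dictionary, raw = int(m.group(1)), m.group(2), m.group(3)
        try:
            # Bound the output so a deflate bomb cannot exhaust memory while scanning.
            data = zlib.decompressobj().decompress(raw, max_inflated)
        except zlib.error:
            hits.append((objnum, -1))           # corrupt stream data is itself suspicious
            continue
        if data[:4] == CFF_HEADER or b"/Type1C" in dictionary:
            hits.append((objnum, len(data)))
    return hits


if __name__ == "__main__":
    for objnum, size in find_flate_cff_streams(SAMPLE_PDF):
        print(f"object {objnum}: FlateDecode stream inflates to a CFF font ({size} bytes)")
```

    A real device-side warner would hook the PDF loader instead of scanning files, but the decision point is the same: a compressed stream that inflates to a font is the moment to ask the user before parsing continues.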

    Charlie Miller, who found a similar vulnerability in Mac OS X Safari, calls this exploit "very beautiful work," adding that it's "scary how it totally defeats Apple's security architecture." What can't be emphasized enough is that this is a door Apple left jammed open, not one that comex broke open. The hole was there from the beginning (which is why we call it a "zero-day" vulnerability), and it's still there now, on every iOS device, jailbroken or not. What the Dev-Team's Will Strafach (@cdevwill) put together is a simple tweak, PDF Loading Warner, that detects when a PDF file is attempting to load arbitrary code. If you're on a trusted site, you can choose "Load"; otherwise tap "Cancel" and you're all good.

    Good news/bad news: as @chpwn tweeted yesterday, "there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them." So it's "no big deal" if Apple fixes this one, because there are, apparently, enough holes in the system to allow future jailbreaks. Yikes. And Apple complains about jailbreaks causing "compromised security..."
    This article was originally published in forum thread: The FlateDecode Hole: How JailbreakMe Gets Root, started by Paul Daniel Ash.
    Comments (83)
      natim -
      I saw where they already warned about Apple plugging this hole in the beta 4.1 and not to update as usual
      TheOrioles33 -
      Wow! So jailbreaking is making us more secure. Nice.
      Neo0019 -
      cool, all I care about at this point is for the Unlock!!!!!!
      exNavy -
      Great behind the scenes info! Thanks.
      fventura03 -
      Quote Originally Posted by Neo0019:
      cool, all I care about at this point is for the Unlock!!!!!!
      what does that have to do with anything in this thread? let the dev team release their stuff when they get to it, stop flooding threads about this crap.

      edit: on topic though, i just installed it. glad to have that extra security.
      amandej -
      still can't open my iBooks
      sandstorm77 -
      Fantastic!
      dark_stranger -
      It's very clever; it still hurts my head trying to figure out how they managed to jailbreak my phone just by me going to a webpage. Very smart people.

      And I guess, if you want to keep the ability to jailbreak your phone, don't update Safari on your phone.
      lorderick70 -
      Jailbreak is the best!!!
      tudtran -
      Thanks, my iPhone is installing it right now.
      jdonn2009 -
      this is a zero day exploit which means that it's been open for a while... there is no update for Safari on your phone so that's nothing you're going to have to worry about... download the PDF Loading Warner and pay attention to what PDFs you allow to connect... that's the only way to stay safe as of now.
      feidhlim1986 -
      It's a good thing the guys on the dev team are looking to make our iPhones better and not trying to be malicious.
      tremerone -
      So it affects any iOS device... just to clarify... those of us still running 3.1.2 or 3.1.3 should be in the clear... as this is the exploit for the iOS firmwares.

      Thanks
      2Jaze -
      The only problem is EVERY FRICKIN THING i download that comes with WebViewController crashes my springboard, and it won't let me delete it separately/manually!

      Quote Originally Posted by dark_stranger:
      It's very clever; it still hurts my head trying to figure out how they managed to jailbreak my phone just by me going to a webpage. Very smart people.

      And I guess, if you want to keep the ability to jailbreak your phone, don't update Safari on your phone.
      If they can do that, imagine what can be done with malicious web code.
      yentrog31 -
      Quote Originally Posted by fventura03:
      what does that have to do with anything in this thread? let the dev team release their stuff when they get to it, stop flooding threads about this crap.

      edit: on topic though, i just installed it. glad to have that extra security.
      thx you...took all the way to post 4 for some dirtbag to rape the thread w/ an inane comment!

      I don't know why these guys do what they do for the ungracious lot that always want more.

      As per every JB/unlock before this and in future..it will be here when it's ready and the dev team or the other geniuses who spend countless hrs beating Apple will release it...chillax dude!
      smirkis -
      i always wondered why we steered away from the original method!

      glad to see it back. i miss those days haha
      spamsalad -
      I'm glad that this vulnerability has been put in the public domain. I am slightly concerned that it could be used for more malicious uses though. Keep up the brilliant work guys!
      olivo42 -
      I need some Help!

      After JB my 3GS iOS4 with Jailbreakme.com, it keeps on SAFE MODE all the time, but I cannot get it out.

      Please help me out... should I try Jailbreakme.com again?
      stfudvs -
      lol at jailbreaking making idevice more secure, srsly, that's awesome

      the hacking community for iDevices is a great one, and using an exploit to jailbreak then turning around to drop an explanation and a Warner script is top notch

      the dev team spoils us
      whereswaldo -
      Quote Originally Posted by TheOrioles33:
      Wow! So jailbreaking is making us more secure. Nice.
      lol. Exact opposite of what Apple says

      Quote Originally Posted by olivo42:
      I need some Help!

      After JB my 3GS iOS4 with Jailbreakme.com, it keeps on SAFE MODE all the time, but I cannot get it out.

      Please help me out... should I try Jailbreakme.com again?
      Don't try it again. It is probably from something you installed from Cydia. Many apps aren't working on iOS 4.0 that worked on 3.x. This happened to me from installing WeatherIcon. Just check out this list The Official iOS 4.0 Compatibility List! and find the items that you installed that don't work, and uninstall them.
      If I helped, please press thanks.