  • The FlateDecode Hole: How JailbreakMe Gets Root


    The simple, elegant JailbreakMe tool exploits a zero-day security hole in Mobile Safari to gain root access to the iOS kernel. The vulnerability, which involves a filter used with embedded files in PDF documents, could still be used by malicious hackers to attack any iOS device, not just jailbroken ones. However, until Apple fixes the hole, the only way to protect yourself is to jailbreak and install @cdevwill's PDF Loading Warner tweak. Tell your friends.

    Ching-Lan Huang has a nice technical explanation of how the FlateDecode exploit works. Basically, the PDF file used for JailbreakMe contains a payload that is disguised as a Compact Font Format (CFF) file. FlateDecode, a lossless general-purpose filter for any data compressed with the zlib implementation of classic RFC 1951 deflate, decompresses and loads the CFF file from the stream, which causes the font stack to overflow. As Huang describes it: "Kaboom." The payload then executes, jailbreaks your device, and loads Cydia.
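
    The structure described above, a FlateDecode stream that inflates to CFF font data, can be inventoried in a PDF without handing the font to a renderer. The Python below is an added example, not code from JailbreakMe, Huang's write-up or PDF Loading Warner; the function names, the simplified stream matcher and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re
import zlib

MAX_INFLATED = 1 << 20  # cap output so a hostile stream cannot exhaust memory

# Simplified matcher (assumption): no nested dicts, filter chains or object streams.
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\nendstream", re.S)

def looks_like_cff(data: bytes) -> bool:
    """CFF header: major=1, minor=0, hdrSize>=4, offSize in 1..4."""
    return (len(data) >= 4 and data[0] == 1 and data[1] == 0
            and data[2] >= 4 and 1 <= data[3] <= 4)

def inflate_bounded(raw: bytes, limit: int = MAX_INFLATED) -> bytes:
    """Inflate a zlib stream; reject truncated or oversized output."""
    d = zlib.decompressobj()
    out = d.decompress(raw, limit)
    if not d.eof:
        raise ValueError("stream truncated or larger than limit")
    return out

def scan_pdf(pdf: bytes) -> list:
    """Return one finding per FlateDecode stream found in the PDF bytes."""
    findings = []
    for m in STREAM_RE.finditer(pdf):
        header, raw = m.group(1), m.group(2)
        if b"/FlateDecode" not in header:
            continue
        try:
            data = inflate_bounded(raw)
        except (zlib.error, ValueError) as exc:
            findings.append({"offset": m.start(), "status": "error", "detail": str(exc)})
            continue
        # /Subtype /Type1C is how a PDF declares an embedded CFF font program.
        is_cff = b"/Type1C" in header or looks_like_cff(data)
        findings.append({"offset": m.start(), "size": len(data),
                         "status": "cff-font" if is_cff else "other"})
    return findings

def make_obj(dict_body: bytes, payload: bytes) -> bytes:
    """Build a constructed stream object for the sample below."""
    return b"<<" + dict_body + b">>\nstream\n" + zlib.compress(payload) + b"\nendstream\n"

# Constructed sample: text stream, benign CFF header plus padding, invalid zlib.
SAMPLE = (b"%PDF-1.4\n"
          + make_obj(b"/Filter /FlateDecode", b"BT (hello) Tj ET")
          + make_obj(b"/Filter /FlateDecode /Subtype /Type1C", b"\x01\x00\x04\x01" + b"\x00" * 16)
          + b"<</Filter /FlateDecode>>\nstream\nnot-zlib-data\nendstream\n")
if __name__ == "__main__":
    print(*scan_pdf(SAMPLE), sep="\n")
```

    A `cff-font` finding only marks a stream as a candidate for review; embedded CFF fonts are common in ordinary PDFs.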

    Charlie Miller, who found a similar vulnerability in Mac OS X Safari, calls this exploit "very beautiful work," adding that it's "scary how it totally defeats Apple’s security architecture." What can't be emphasized enough is that this is a door Apple left jammed open, not one that comex broke open. The hole was there from the beginning (which is why we call it a "zero-day" vulnerability), and it's still there now, on every iOS device, jailbroken or not. What the Dev-Team's Will (@cdevwill) Strafach put together is a simple tweak, PDF Loading Warner, that will detect when a PDF file is attempting to load arbitrary code. If you're on a trusted site, you can choose "Load," or otherwise tap "Cancel" and you're all good.

    Good news/bad news: as @chpwn tweeted yesterday, "there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them." So it's "no big deal" if Apple fixes this one, because there are, apparently, enough holes in the system to allow future jailbreaks. Yikes. And Apple complains about jailbreaks causing "compromised security..."
    This article was originally published in forum thread: The FlateDecode Hole: How JailbreakMe Gets Root, started by Paul Daniel Ash.
    83 Comments
    1. JoeStorm -
      I just installed this and the very next time I unlocked my iPhone (by using the slide) the PDF warning popped up 4 times. This was at the main springboard screen. I clicked 'cancel' 4 times. This happen to anyone else?
    1. yentrog31 -
      Quote Originally Posted by whereswaldo View Post
      lol. Exact opposite of what Apple says



      Don't try it again. It is probably from something you installed from Cydia. Many apps aren't working on iOS 4.0 that worked on 3.x. This happened to me from installing WeatherIcon. Just check out this list The Official iOS 4.0 Compatibility List! and find the items that you installed that don't work, and uninstall them.
      If I helped. please press thanks
      Bingo.. I read somewhere, cannot remember where, that it was a ready to expire app.. like any ringtone or something like that....
    1. JoeStorm -
      Quote Originally Posted by whereswaldo View Post
      This happened to me from installing WeatherIcon
      Same thing with me.
    1. sucram6791 -
      I can't find this on Cydia, I've been searching but still no luck, help please
    1. JoeStorm -
      Quote Originally Posted by sucram6791 View Post
      I can't find this on Cydia, I've been searching but still no luck, help please
      Bottom right button is search. Type 'pdf' and there it is.
    1. whereswaldo -
      Quote Originally Posted by yentrog31 View Post
      Bingo.. I read somewhere, cannot remember where, that it was a ready to expire app.. like any ringtone or something like that....
      You could always press thanks
      Because if you don't, waldo might not let you find him next time
    1. ProZack27 -
      Quote Originally Posted by sucram6791 View Post
      I can't find this on Cydia, I've been searching but still no luck, help please
      It's there, keep looking. I just did a search for PDF...
    1. whereswaldo -
      Quote Originally Posted by JoeStorm View Post
      Same thing with me.
      Barely any jb apps that involve the status bar are working. Such as WeatherIcon, Battery Control, Notifier and many carrier text changers
      Quote Originally Posted by sucram6791 View Post
      I can't find this on Cydia, I've been searching but still no luck, help please
      It's called PDF Loading Warner, it's under the BigBoss repo
    1. exNavy -
      This program only just appeared in Cydia a few minutes ago, I couldn't find it based on when this article was posted either, and I know how to use the f'ing search button.
    1. Shishir G -
      Guys think what if Comex turned EVIL!!!!
      lol, good bye iPhones, iPods and iPads
      Comex and others are geniuses, as the other guy said "It still hurts my brain trying to figure out how they can jailbreak my phone by going to a webpage."
      Things are turning BAD for Apple.

      What's next?
      Comex announces: FLASH FOR ALL IDEVICES!!!
      no no no that's impossible... is it?
    1. dark_stranger -
      Quote Originally Posted by 2Jaze View Post
      The only problem is EVERY FRICKIN THING I download that comes with WebViewController crashes my springboard, and it won't let me delete it separately/manually!



      If they can do that, imagine what can be done with malicious web code.
      Fortunately the dev team are the good guys and on our side,


      or are they
    1. xyx -
      I don't see the program either, I'll try searching for it later
    1. Shishir G -
      Quote Originally Posted by xyx View Post
      I don't see the program either, I'll try searching for it later
      You need the BigBoss source or something
      Then go to SEARCH in Cydia "PDF" and it's the only one there...
    1. xyx -
      I can read a thread, if you'd like to repeat what they were saying go right ahead. I just stated it wasn't in my search results, and I'll try later. The BigBoss source comes already in Cydia.
    1. frsclive -
      I could not find it using Cydia, but if you have ROCK it's there
    1. JoeStorm -
      Quote Originally Posted by JoeStorm View Post
      I just installed this and the very next time I unlocked my iPhone (by using the slide) the PDF warning popped up 4 times. This was at the main springboard screen. I clicked 'cancel' 4 times. This happen to anyone else?
      Looks like this dialog is triggered by any PDF anywhere. For example, I own the Evolution OS2 theme. The clock on the main page uses 5 PDFs for the clock's hands and display items. So every time I respring, I get 5 warnings. Any way to lock this warning to Safari loading PDFs?
    1. maddawg05 -
      I'm glad there's still good humble ppl out there in the world...thanks Dev Team. Soon as I jb, I'll be donating.
    1. awesomeSlayer -
      I don't really use Safari on my iPod touch so I don't need to worry.
    1. zoomspeed05 -
      You have to wait till Cydia completely loads then search
    1. sucram6791 -
      Thanks for all the obvious answers, but it just hadn't loaded into Cydia for me but it finally showed up. I'm sure the other people that haven't seen it will see it now