Thread: The FlateDecode Hole: How JailbreakMe Gets Root

  #1
    MMi Staff Writer Paul Daniel Ash
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    The FlateDecode Hole: How JailbreakMe Gets Root


    The simple, elegant JailbreakMe tool exploits a zero-day security hole in Mobile Safari to gain root access to the iOS kernel. The vulnerability, which involves a filter used with embedded files in PDF documents, could still be used by malicious hackers to attack any iOS device, not just jailbroken ones. However, until Apple fixes the hole, the only way to protect yourself is to jailbreak and install @cdevwill's PDF Loading Warner tweak. Tell your friends.

    Ching-Lan Huang has a nice technical explanation of how the FlateDecode exploit works. Basically, the PDF file used for JailbreakMe contains a payload that is disguised as a Compact Font Format (CFF) file. FlateDecode - which is a lossless general purpose filter for any data compressed with the zlib implementation of classic RFC1951 deflate - uncompresses and loads the CFF file from the stream, which causes the font stack to overflow. As Huang describes it: "Kaboom." The payload then executes, jailbreaks your device, and loads Cydia.

    Charlie Miller, who found a similar vulnerability in Mac OS X Safari, calls this exploit "very beautiful work," adding that it's "scary how it totally defeats Apple’s security architecture." What can't be emphasized enough is that this is a door Apple left jammed open, not one that comex broke open. The hole was there from the beginning (which is why we call it a "zero-day" vulnerability), and it's still there now, on every iOS device, jailbroken or not. What the Dev-Team's Will (@cdevwill) Strafach put together is a simple tweak, PDF Loading Warner, that will detect when a PDF file is attempting to load arbitrary code. If you're on a trusted site, you can choose "Load," or otherwise tap "Cancel" and you're all good.

    Good news/bad news: as @chpwn tweeted yesterday, "there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them." So it's "no big deal" if Apple fixes this one, because there are, apparently, enough holes in the system to allow future jailbreaks. Yikes. And Apple complains about jailbreaks causing "compromised security..."
    Last edited by Paul Daniel Ash; 08-03-2010 at 09:04 AM.

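The post above describes the mechanism at the level of "FlateDecode inflates a stream, the result turns out to be a CFF font, the font stack overflows". The following Python is an added example, not code from the article, from Huang's write-up or from the PDF Loading Warner tweak: it walks the stream objects of a PDF, inflates every /FlateDecode stream and flags those whose inflated bytes carry a CFF header (or whose dictionary declares a /Type1C or /CIDFontType0C font), the kind of triage a defender can run on a document before letting a viewer parse it. The sample PDF bytes are constructed inline; the parser assumes plain, directly embedded stream objects (no object streams, no encryption).

```python
import re
import zlib

# "N G obj << dict >> stream\n": captures the object number and the stream dictionary.
STREAM_HDR = re.compile(rb"(\d+)\s+\d+\s+obj\s*<<(.*?)>>\s*stream\r?\n", re.S)
# Direct /Length N only; an indirect "/Length N G R" deliberately does not match.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")
FONT_SUBTYPE = re.compile(rb"/Subtype\s*/(Type1C|CIDFontType0C)")

def looks_like_cff(data: bytes) -> bool:
    """CFF header: major version 1, minor 0, hdrSize 4, offSize 1..4."""
    return len(data) >= 4 and data[:3] == b"\x01\x00\x04" and 1 <= data[3] <= 4

def find_flate_font_streams(pdf: bytes) -> list:
    """Return (object number, verdict) for each FlateDecode stream holding CFF font data."""
    hits = []
    for m in STREAM_HDR.finditer(pdf):
        objnum, dictionary, start = int(m.group(1)), m.group(2), m.end()
        if b"/FlateDecode" not in dictionary:
            continue
        length = LENGTH_RE.search(dictionary)
        if length:
            raw = pdf[start:start + int(length.group(1))]
        else:  # indirect /Length: fall back to the endstream keyword
            raw = pdf[start:pdf.find(b"endstream", start)].rstrip(b"\r\n")
        try:
            inflated = zlib.decompress(raw)
        except zlib.error:
            hits.append((objnum, "FlateDecode stream that does not inflate cleanly"))
            continue
        if looks_like_cff(inflated) or FONT_SUBTYPE.search(dictionary):
            hits.append((objnum, "FlateDecode stream inflates to CFF font data (%d bytes)" % len(inflated)))
    return hits

def build_sample_pdf() -> bytes:
    """Constructed two-object PDF fragment (not a real document): a Flate-compressed
    CFF font object followed by an ordinary Flate-compressed page content stream."""
    def obj(num: int, extra: bytes, body: bytes) -> bytes:
        head = b"%d 0 obj\n<< /Length %d /Filter /FlateDecode%s >>\nstream\n" % (num, len(body), extra)
        return head + body + b"\nendstream\nendobj\n"
    cff = zlib.compress(b"\x01\x00\x04\x01" + b"\x00" * 12)  # fake CFF header plus padding
    page = zlib.compress(b"BT /F1 12 Tf (hello) Tj ET")
    return b"%PDF-1.4\n" + obj(1, b" /Subtype /Type1C", cff) + obj(2, b"", page) + b"%%EOF\n"

if __name__ == "__main__":
    for objnum, verdict in find_flate_font_streams(build_sample_pdf()):
        print("object %d: %s" % (objnum, verdict))
```

Run against the constructed document it reports object 1 only; the page content stream inflates fine but is neither a CFF blob nor declared as a font.
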
  #2
    Green Apple
    Join Date
    Aug 2009
    Posts
    41
    Thanks
    3
    Thanked 5 Times in 5 Posts

    I saw where they already warned about Apple plugging this hole in the 4.1 beta, and not to update, as usual.

  #3
    Livin the iPhone Life TheOrioles33
    Join Date
    Jul 2007
    Posts
    1,001
    Thanks
    43
    Thanked 66 Times in 52 Posts

    Wow! So jailbreaking is making us more secure. Nice.
    MacBook Pro i7
    Dell XPS

  #4
    Green Apple
    Join Date
    Jan 2008
    Posts
    61
    Thanks
    1
    Thanked 2 Times in 2 Posts

    Cool, all I care about at this point is the unlock!!!!!!

  #5
    Livin the iPhone Life exNavy
    Join Date
    Jun 2007
    Location
    Arizona
    Posts
    1,075
    Thanks
    57
    Thanked 179 Times in 131 Posts

    Great behind the scenes info! Thanks.

  #6
    iPhone? More like MyPhone
    Join Date
    Jun 2008
    Posts
    106
    Thanks
    3
    Thanked 9 Times in 4 Posts

    Quote Originally Posted by Neo0019:
    Cool, all I care about at this point is the unlock!!!!!!
    What does that have to do with anything in this thread? Let the dev team release their stuff when they get to it; stop flooding threads about this crap.

    Edit: on topic though, I just installed it. Glad to have that extra security.
    Last edited by fventura03; 08-03-2010 at 09:11 AM.

  #7
    What's Jailbreak? amandej
    Join Date
    Sep 2007
    Posts
    24
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Still can't open my iBooks.
    AJ

    Music is what feelings sound like....

  #8
    iPhone? More like MyPhone sandstorm77
    Join Date
    Dec 2008
    Location
    Cranston, RI
    Posts
    208
    Thanks
    16
    Thanked 33 Times in 17 Posts

    Fantastic!

  #9
    What's Jailbreak?
    Join Date
    Dec 2009
    Posts
    14
    Thanks
    0
    Thanked 2 Times in 1 Post
    It's very clever; it still hurts my head trying to figure out how they managed to jailbreak my phone just by me going to a webpage. Very smart people.

    And I guess, if you want to keep the ability to jailbreak your phone, don't update Safari on your phone.

  #10
    iPhone? More like MyPhone
    Join Date
    Aug 2009
    Location
    New Jersey
    Posts
    125
    Thanks
    19
    Thanked 11 Times in 9 Posts

    Jailbreak is the best!!!

  #11
    Livin the iPhone Life tudtran
    Join Date
    Sep 2007
    Location
    Foco, Colorado
    Posts
    1,003
    Thanks
    4
    Thanked 39 Times in 30 Posts

    Thanks, my iPhone is installing it right now.

  #12
    What's Jailbreak? jdonn2009
    Join Date
    May 2008
    Location
    Columbus Ohio
    Posts
    26
    Thanks
    4
    Thanked 0 Times in 0 Posts

    This is a zero-day exploit, which means that it's been open for a while... There is no update for Safari on your phone, so that's nothing you're going to have to worry about... Download the PDF Loading Warner and pay attention to what PDFs you allow to connect... That's the only way to stay safe as of now.

  #13
    Livin the iPhone Life
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,441
    Thanks
    41
    Thanked 185 Times in 145 Posts

    It's a good thing the guys on the dev team are looking to make our iPhones better and not trying to be malicious.

  #14
    Green Apple tremerone
    Join Date
    Dec 2009
    Location
    Bathroom stall
    Posts
    95
    Thanks
    4
    Thanked 20 Times in 15 Posts

    So it affects any iOS device... Just to clarify, those of us still running 3.1.2 or 3.1.3 should be in the clear, as this is the exploit for the iOS firmwares.

    Thanks

  #15
    iPhone? More like MyPhone
    Join Date
    Aug 2007
    Posts
    222
    Thanks
    0
    Thanked 14 Times in 11 Posts

    The only problem is EVERY FRICKIN THING I download that comes with WebViewController crashes my SpringBoard, and it won't let me delete it separately/manually!

    Quote Originally Posted by dark_stranger:
    It's very clever; it still hurts my head trying to figure out how they managed to jailbreak my phone just by me going to a webpage. Very smart people.

    And I guess, if you want to keep the ability to jailbreak your phone, don't update Safari on your phone.
    If they can do that, imagine what can be done with malicious web code.
    Last edited by 2Jaze; 08-03-2010 at 09:30 AM. Reason: Automerged Doublepost

  #16
    iPhone? More like MyPhone yentrog31
    Join Date
    Sep 2009
    Location
    Texas
    Posts
    208
    Thanks
    53
    Thanked 22 Times in 20 Posts

    Quote Originally Posted by fventura03:
    What does that have to do with anything in this thread? Let the dev team release their stuff when they get to it; stop flooding threads about this crap.

    Edit: on topic though, I just installed it. Glad to have that extra security.
    Thank you... it took all the way to post 4 for some dirtbag to rape the thread with an inane comment!

    I don't know why these guys do what they do for the ungracious lot that always want more.

    As per every JB/unlock before this and in future... it will be here when it's ready, and the dev team or the other geniuses who spend countless hours beating Apple will release it... chillax, dude!
    "It takes a rare thing, a turning point, to free oneself from any obsession. Be it prejudice or hate, or, even love"

  #17
    Livin the iPhone Life
    Join Date
    Jan 2008
    Location
    sd
    Posts
    1,085
    Thanks
    8
    Thanked 99 Times in 79 Posts

    I always wondered why we steered away from the original method!

    Glad to see it back. I miss those days, haha.
    1.1.1>1.1.2>1.1.4>2.0>2.1>2.2>3.1>3.1.2 blackra1n'd

    Waitin' on my white iPhone 4

  #18
    Green Apple spamsalad
    Join Date
    Apr 2010
    Location
    Scotland
    Posts
    33
    Thanks
    5
    Thanked 3 Times in 3 Posts

    I'm glad that this vulnerability has been put in the public domain. I am slightly concerned that it could be used for more malicious uses though. Keep up the brilliant work guys!

  #19
    Green Apple
    Join Date
    Oct 2008
    Location
    Dominican Republic
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    3GS iOS4 with Jailbreakme.com on SAFE MODE
    I need some Help!

    After JB'ing my 3GS iOS4 with Jailbreakme.com, it stays in SAFE MODE all the time, and I cannot get it out.

    Please help me out... should I try Jailbreakme.com again?

  #20
    iPhone? More like MyPhone
    Join Date
    May 2008
    Posts
    107
    Thanks
    0
    Thanked 17 Times in 12 Posts

    LOL at jailbreaking making an iDevice more secure, seriously, that's awesome.

    The hacking community for iDevices is a great one, and using an exploit to jailbreak, then turning around to drop an explanation and a Warner script, is top notch.

    The dev team spoils us.
