iPhone 4 Jailbreak Uses PDF Exploit to Gain Access

The iPhone 4 jailbreak launched yesterday in the form of a site you load in the Safari browser on the iPhone. At that point a small file is downloaded, which can then exploit the iPhone and allow access to install Cydia etc…

The exploit takes advantage of an automatic PDF download in iOS, which the jailbreak uses to inject its code. When you use the "slide to jailbreak" slider, that code is executed and opens up the iPhone to be exploited.

The downside is that the same vulnerability is open to malicious use: you could visit a website, click a button for example, and have executable code injected into iOS that has a different agenda from jailbreaking.

So that users don’t get attacked without knowing (until it’s too late), a temporary fix has been created. The fix is not official; it simply makes PDF documents pop up a box asking if you are sure you want to open them. If you intended to open a document, hit load. If the box pops up unexpectedly, hit cancel to prevent the code from being loaded. This is just a temporary third-party fix for a problem which we suspect Apple will fix in iOS 4.1 when it launches.

Full details of how to install the temporary fix can be found over at MacStories.

