Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices

Published: 2011-07-10. Last Updated: 2011-07-10 13:53:16 UTC
by Raul Siles (Version: 1)
1 comment(s)

Three days ago a new version (v3) of Jailbreakme (aka jbme3.0), the website used to jailbreak Apple iOS devices (such as iPhone, iPod Touch and iPad), was released. The site takes advantage of userland-based exploits to take full control of these devices by simply visiting a web page. This v3 version uses a 0-day PDF vulnerability in a first stage, and an iOS kernel vulnerability to elevate privileges in a second stage.

These vulnerabilities affect multiple Apple devices and versions, up to iPad2 and iOS 4.3.3.

As far as we know, Apple has not released an official update yet against these vulnerabilities (although it's working on it), so all devices are at risk. If you have a jailbroken device, it is recommended to install “PDF Patcher 2” from Cydia to eliminate this risk (any firmware version). More details on the Dev Team blog: http://blog.iphone-dev.org.

The common but not very realistic recommendation applies: do not open "malicious" PDF files or visit untrusted websites (using Mobile Safari)! I always wonder how end users can determine if a PDF or web page is malicious before opening it... probably those that contain the word malicious in their name or domain name :)

----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com

Comments

"I always wonder how end users can determine if a PDF or web page is malicious before opening it..."

Through RFC 3514 of course :)

http://tools.ietf.org/html/rfc3514
