Apple iOS4 jailbreak exploits PDF security hole

Posted on Tuesday, August 03 2010 @ 23:38 CEST by Thomas De Maesschalck
Apple Insider reports the browser-based jailbreak for iOS devices, including the latest iPhone 4, takes advantage of a "scary" PDF security hole that could be used to hack Apple's mobile devices by having the user visit an infected website.
Sean Sullivan, security advisor with F-Secure Corporation, revealed on Tuesday the technical details of the jailbreak process, which is done entirely in the Mobile Safari browser. The jailbreakme.com site includes 20 separate PDFs for different combinations of hardware and firmware.

The same PDF files crash both Adobe Reader and Foxit on Windows platforms, relying on a corrupt font. On the iPhone, PDF viewing is built into the Safari browser, and the attack crashes the Compact Font Format handler.

Sullivan also linked to comments made via Twitter by security researcher Charlie Miller, who was also analyzing the code behind the browser-based jailbreak.

"Very beautiful work," Miller wrote. "Scary how it totally defeats Apple's security architecture."


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments