Sean Sullivan, security advisor with F-Secure Corporation, revealed on Tuesday the technical details of the jailbreak process, which is done entirely in the Mobile Safari browser. The jailbreakme.com site includes 20 separate PDFs for different combinations of hardware and firmware.
The same PDF files, which rely on a corrupt font, crash both Adobe Reader and Foxit on Windows platforms. On the iPhone, PDF viewing is built into the Safari browser, and the attack crashes the Compact Font Format handler.
Sullivan also linked to comments made via Twitter by security researcher Charlie Miller, who was also analyzing the code behind the browser-based jailbreak.
"Very beautiful work," Miller wrote. "Scary how it totally defeats Apple's security architecture."
Apple iOS4 jailbreak exploits PDF security hole
Posted on Tuesday, August 03 2010 @ 23:38 CEST by Thomas De Maesschalck