14 DAY TRIAL // Mikko of F-Secure, a company analyzing virus, phishing, spyware, and spam attacks, has published questions and answers on the jailbreakme vulnerability to ensure iOS device owners worldwide are well informed about the security risks they are exposed to.
The post starts out with some general information to get everyone on the same level of knowledge about the flaw in question. Should anyone be curious to know what all the noise is about, F-Secure explains: “It's about a site called jailbreakme.com that enables you to Jailbreak your iPhones and iPads just by visiting the site.” It adds: “The problem is that the site uses a zero-day vulnerability to execute code on the device.”
F-Secure then elaborates saying, “Actually, it's two vulnerabilities. First one uses a corrupted font embedded in a PDF file to execute code and the second one uses a vulnerability in the kernel to escalate the code execution to unsandboxed root.”
Although acknowledged by Apple, the zero-day vulnerability employed by jailbreakme.com to execute code on the device hasn’t been patched yet. Apple promised to roll out the fix in an upcoming software update, but failed to specify when this would occur. The release is yet to occur. According to F-Secure, jailbroken users who download and install PDF Loading Warner may actually be more protected than those who haven’t jailbroken their devices.
“If your iPhone is jailbroken, you could consider installing the ‘PDF Loading Warner’ app, made by Chronic Dev Team. We're not endorsing the tool, but it might help,” Mikko writes. The F-Secure staffer reveals that other applications may be vulnerable as well. Mikko mentions “Some versions of Foxit Reader and the FreeType2 library” as potentially affected apps. Thoughtfully includes links for more information here and there on anything that’s too big to include in the Q&A post.
In case anyone is asking, “Should I run an antivirus on my iPhone?”, F-Secure bluntly answers: “You should, yes. But you can't.”
Close to the end of his post, Mikko reveals that all iOS devices are affected. And while it would be safer now to jailbreak an iPhone to install a PDF Warner, jailbreaking exposes users to other security risks, the security firm asserts. The best thing users can do right now is follow the news, Mikko concludes.
Softpedia doesn't encourage jailbreaking / unlocking the iPhone / iPod touch / iPad, or any other device. This article has a purely informational purpose and doesn't, in any way, suggest that you should hack your Apple device. Using hacks may render your device unusable, or may reduce the quality of your experience employing the respective device. If you choose to download and install jailbreak tools, you will do so at your own risk. Unlocking / jailbreaking your iPhone / iPod touch / iPad may violate your warranty or the EULA with Apple and / or your cellular-service provider.