Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Apple > Iworld

July 7th, 2011, 08:04 GMT · By

PDF Vulnerability in JailbreakMe 3.0 Can Be Easily Patched

SHARE:

Adjust text size:


PDF Patcher available on Cydia
Enlarge picture
JailbreakMe, Comex’s iOS hack that exploits a PDF vulnerability to run unauthorized code on iPhones and iPads, could pose serious security threats, according to Graham Cluley, senior technology consultant at Sophos. However, the hole can be easily closed by users with a quick visit to the right place on Cydia.

As always, Mr. Cluley offers his pertinent opinion noting that “if visiting the JailBreakMe website with Safari can cause a security vulnerability to run the site's code, just imagine how someone with more nefarious intentions could also abuse the vulnerability to install malicious code on your iPad or iPhone."

Cluley says the ball is now in Apple’s court. However, while it is Apple’s responsibility to close such holes, there is already a patch that allows users to jailbreak and stay on the safe side.

After jailbreaking, users can launch Cydia and download PDF Patcher 2 (also authored Comex).

After installation, whenever a website tries to open a PDF on the user’s device, an alert will pop up asking if they really want to continue.

Comex himself admits that his PDF vulnerability can be used by people with bad intentions:

"I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable,” he said.

“Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run," Comex believes.

Indeed, it is still Apple who ultimately has to close these holes, even if it means closing the holes that allowed Comex’s jailbreak in the first place.

That’s no problem for the hacker, though. History has shown that he is always capable of finding new ones, keeping the cat-and-mouse game going.

And he’s not alone. He has an entire Dev Team at his side to help with finding new vulnerabilities, and there are other hacking teams out there with the same goal.

TELL US WHAT YOU THINK:

1,280 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


JailbreakMe 3.0 Supported Devices, Info
Facebook Tells 'Spartans' to Code Specifically for iOS
iPad 2 Jailbreak Unleashed
JailbreakMe 3.0 iPad 2 Hack Launches Today, Source Claims
iPad 2 Jailbreak to Be Unleashed Any Moment Now

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use