14 DAY TRIAL // The author of the JailbreakMe service has released the source code of the entire website including the exploits for the two critical vulnerabilities patched by Apple, which were leveraged to unlock the device.
The version of the JailbreakMe.com website launched at the end of last month was actually the second iteration of the drive-by jailbreaking trick and was dubbed by its author as "star".
The lead author behind the service, who goes by the online moniker of comex, has now made the source code for the entire project available on GitHub, a coding collaboration platform.
This is important because it significantly increases the possibility that malicious hackers will start leveraging the JailbreakMe exploits to infect iPhones, iPads and iPods touch with malware.
JailbreakMe.com ask users to pull on a slider in order to initiate what is basically a drive-by download, which installs an application called Cydia with superuser privileges.
This behavior is not at all different from the numerous Web exploits targeting vulnerabilities in outdated software and infecting Windows users on a daily basis.
The slider confirmation part can be easily removed to make the attack completely transparent and gain control over iOS devices that visit a compromised website.
Apple released iOS 4.0.2 for iPhone and iPod touch, and iOS 3.2.2 for the iPad, in order to address the two vulnerabilities exploited by the JailbreakMe service and antivirus experts advise users to upgrade to these versions as soon as possible.
"Although we haven't yet seen malicious attacks via the jailbreakme vulnerability, we recommend to install the patch right away," says Mikko Hyppönen, chief research officer at Finnish antivirus vendor F-Secure, who kept a close eye on developments surrounding the exploits.
"This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability," he adds.
You can follow the editor on Twitter @lconstantin