iPhone jailbroken by Safari vulnerability again – Update

The page JailbreakMe.com exploits a vulnerability in Apple’s mobile Safari browser to jailbreak the iPhone (3G, 3GS and 4), iPod Touch (four generations) and iPad without the use of a PC. Jailbreaking gets around Apple’s restrictions on what applications can be installed on the Apple devices. iPhone hacks have previously been available from the same site; at the end of 2007, it carried a similar trick for iOS 1.1.1.

The current jailbreak for the iPhone and iPod Touch is able to work with iOS 4.01. The iPad can also be unlocked; the jailbreak works with the iPad’s iOS 3.2/3.2.1 firmware. After jailbreaking, the Cydia package manager is automatically downloaded and installed; the package manager plays host to applications for the iPhone which Apple have not admitted to their own App Store. The jailbreak does not remove the SIM lock which is in place to prevent the use of SIM cards from any network operator.

Currently the servers are overloaded, but The H’s associates at heise Online were able, after several attempts, to unlock an iPhone 4 via the website; an alternative link is now available. A few minutes after the “slide to jailbreak” slider was activated, the Cydia installer was available on the home screen of the iPhone. A restart was not necessary. User reports of unlocked devices having problems with MMS sending and FaceTime video calling cannot be confirmed at this point.

Details of the previously unknown and currently unspecified vulnerability in the Safari browser used by the jailbreak are not available, but it appears that, in theory, it should be possible to inject malicious code into the Apple devices through the exploit. Apple will most likely eliminate the vulnerability in a future update; until then, users who want to stay secure are advised to visit only trusted web sites.

Update – The vulnerability the jailbreak uses is not, as initially reported, in the Safari browser but in a component for displaying PDF files. The site uses a number of tricks to identify what device is requesting to be jailbroken and then loads an appropriate PDF file into it.

