Two critical vulnerabilities in iPhone’s iOS exploited in jailbreak


According to Vupen Security, the PDF exploit that allows iPhones to be jailbroken, so that they can run apps from outside Apple's App Store, actually relies on two critical vulnerabilities. The vulnerabilities exist in iOS 3.x, 4.0 and 4.01 and affect iPhones, iPads and iPod touch devices.

The first vulnerability is, as previously reported, in the PDF rendering functionality of the iPhone: processing embedded font data can corrupt memory, which allows an attacker to execute arbitrary code. This flaw in the Compact Font Format (CFF) handling can be exploited by merely tricking a user into visiting a specially crafted page. The second vulnerability is an error in the kernel, which allows attackers to elevate privileges and bypass the sandbox restrictions in iOS.

The jailbreakme.com site uses a crafted page that identifies which model of iPhone, iPad or iPod touch is being used and sends the browser to view one of twenty customised PDF files. The JailbreakMe site only removes the restrictions on the device that block it from running applications that aren't from the App Store, and installs the Cydia application store.

Security vendors are warning that criminals could make use of the same vulnerabilities to create malware for the iPhone. The PDF rendering functionality is part of the Safari browser, which is developed by Apple itself, and is not an external or third-party application. An Apple spokesperson told Reuters that the company was aware of the reports and was investigating.

Source.
