Jailbreak community develops its own iPhone patch
The PDF patch is available from the Cydia store
Source: heise Security
Jailbreak grandee Jay Freeman, aka Saurik, has released his own patch for the critical Jailbreakme vulnerability, aimed at protecting the iPhone, iPod touch and iPad from crafted PDF files. Apple has also now plugged the security hole, a potent combination of two different vulnerabilities, but in doing so has left the first generation of iPhones and iPod touches out in the cold.
Apple ignored the first generation of the two devices in its update to iOS 4.0, thereby leaving a whopping 65 security vulnerabilities unplugged. This was particularly galling for iPhone users as Apple was still selling that generation of iPhone as late as July 2008.
On more recent models, Apple's patch also un-jailbreaks jailbroken devices. For security reasons, users who want to stay jailbroken should install Freeman's patch. Following yesterday's publication of the source code for the Jailbreakme exploit, it is now just a matter of time before someone uses it to develop malware.
Freeman's PDF patch is already available from homebrew installer Cydia. Cydia is generally installed automatically after jailbreaking. In testing, JailBreakMe.com was no longer able to inject code on heise Security's patched test iPhone.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
