Public exploit puts iPhone users at risk
On Wednesday, the Jailbreakme.com web site once again made it possible to jailbreak iOS devices. But what seems to be a convenient way of getting around Apple's strict control turns out to be a definite security problem and one that is yet to be properly addressed.
The jailbreak permanently disables a number of security mechanisms in iOS, including the requirement that code be signed by Apple. For the jailbreak, the web site offers a specially crafted PDF document that exploits a previously unknown security hole in the PDF viewer used on iOS devices. Initial analyses indicate that the vulnerability occurs in the libCGFreetype Freetype library when it handles type 1 fonts via
A number of security experts are currently analysing this publicly available PDF exploit. Once a person understands how it works, they could modify it so that it would, for example, install a spy program on an iPhone instead of installing the alternative app store Cydia. All the victims would need to do is visit a web site to be affected. The danger of malicious drive-by downloads on iOS therefore becomes reality. The iOS security expert Stefan Esser estimates that hundreds, if not thousands, of developers worldwide have the skills to come up with an exploit for their own purposes.
Germany's Bureau of Security in Information Technology (BSI) warns that "malicious programs can be executed on iPhones, iPads, and the iPod Touch" and recommends that iPhone and iPad users "not open PDF documents from unknown or insecure sources on iOS devices". The advice will hardly help – after all, users cannot prevent a web site from loading a PDF file – but there is no other option. Apple's only statement so far is from a spokesperson saying that it is "aware of this reported issue and is developing a fix that will be available to customers in an upcoming software update". The spokesperson declined to say when this update would be available. The exploit didn't exactly appear from nowhere, but was being publicly discussed five days ago.
The only way to protect yourself at the moment is by installing PDF Patcher 2, which, ironically, you can only get from Cydia after a jailbreak. In general, jailbreaks are dangerous in terms of security because they take down crucial security mechanisms. But at the moment, even security experts are considering whether or not the jailbreaks are the best option under the circumstances. Ideally though, Apple should be releasing the update as soon as possible and close the gap in the PDF component.