Source code for latest iOS jailbreak published
Comex has released the source code for his iPhone jailbreak, which jailbreaks iOS devices up to version 4.3.3 directly from the jailbreakme.com website. Analysis by Sogeti ESEC suggests that the developer was able to use a crafted PDF file to exploit a vulnerability in the FreeType library. A second step exploits a vulnerability in the kernel to enable execution of unsigned code, obtain root privileges and then install the actual jailbreak. This is the first public exploit able to circumvent address space layout randomisation (ASLR), which was introduced in iOS 4.3.
Publication of the source code raises the risk that the exploit could be used for criminal ends. Users who do not wish to jailbreak their phones are therefore advised to update to the current iOS version 4.3.4, in which both vulnerabilities are fixed, as soon as possible. This is, however, a one-way process – no comparable (untethered) jailbreak exists for the latest version. The update also removes any existing jailbreak. iOS users with jailbroken devices should install comex's PDF Patcher 2 via Cydia, which at least fixes the entry vulnerability in FreeType – though not the kernel vulnerability, which is required by the jailbreak.