iPhone patch coming soon
According to US media reports, Apple already has a fix for the 'JailbreakMe' security issue and plans to distribute it as part of a forthcoming update. However, the company remains coy about when exactly that will be. It can only be hoped that it is soon, because this is without doubt the biggest threat iPhone users have faced since the device was released. It is also unclear whether Apple is going to fix both vulnerabilities or just one. On Wednesday of this week the German Federal Office for Information Security (BSI) warned (German language link) of the potential for attacks.
The two vulnerabilities are a bug in the processing of Compact Font Format (CFF) font data embedded in PDF files and a kernel vulnerability. The CFF bug can be exploited to inject and execute code on an iPhone simply by getting it to render a crafted PDF; this appears to be the stage at which the JailbreakMe exploit outwits the iPhone's data execution prevention. Code obtained this way is still confined by the sandbox, so the exploit then uses the kernel vulnerability to break out of it and run with elevated privileges, which is what allows it to unlock the device.
So far the JailbreakMe exploit is the only known use of the vulnerabilities: when the JailbreakMe website is opened in Safari, it serves a PDF file tailored to the user's iPhone version. Safari is not the only way in, however. Other apps open PDFs too, and web sites that use the same exploit to infect the phone with malware rather than merely unlock it may also be on the horizon.
Security specialists are currently having a hard time publishing further information on the vulnerabilities, partly because the exploit is equipped with protective measures that hinder debugging and analysis. For the same reason, no malicious exploits have been seen to date. Users should nevertheless be careful about which links they follow and which sites they visit in Safari. Security services provider Websense suggests using an alternative browser such as Atomic Web Browser (iTunes link) or iCabMobile (iTunes link). Both include filters that can be set to prevent PDFs from being opened without a warning. Such a filter only covers the browser it is built into, though; a PDF that reaches the device through another app is not intercepted.
Users who have already jailbroken their iPhones can install PDF Loading Warner (com.willstrafach.pdfexploitwarner_1.0.0-4_iphoneos-arm.deb). It opens a confirmation dialogue whenever Safari attempts to open a PDF file.
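The filters mentioned above warn on every PDF. A more targeted check, given that the vulnerable code path is the CFF font parser, is to look at what a PDF actually embeds before handing it to a viewer. The scanner below is an added example written for this article; it is not code from The H, Apple, Websense or the JailbreakMe authors. It relies on standard PDF structure (a font descriptor's /FontFile3 entry points at a stream whose /Subtype is Type1C, CIDFontType0C or OpenType, and a CFF program starts with the header bytes 01 00 04), confirms the payload by that header where it can decompress the stream, and reports when objects are packed into object streams it does not unpack, so that such files are sent for deeper inspection rather than silently passed. The sample PDFs are constructed in the block and are not real exploit files.

```python
import re
import zlib

# Patterns over raw PDF syntax. Tolerant of whitespace variants, but this is a
# triage filter, not a full PDF parser.
OBJ_RE = re.compile(rb'(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj', re.S)
FONTFILE3_RE = re.compile(rb'/FontFile3\s+(\d+)\s+(\d+)\s+R')
SUBTYPE_RE = re.compile(rb'/Subtype\s*/(Type1C|CIDFontType0C|OpenType)\b')
# Direct /Length only; an indirect "/Length 7 0 R" is skipped by the lookahead.
LENGTH_RE = re.compile(rb'/Length\s+(\d+)\b(?!\s+\d+\s+R)')
STREAM_START_RE = re.compile(rb'\bstream\r?\n')
OBJSTM_RE = re.compile(rb'/Type\s*/ObjStm\b')
CFF_HEADER = b'\x01\x00\x04'  # CFF header: major 1, minor 0, hdrSize 4


def parse_objects(data):
    """Map (number, generation) -> body for every top-level object."""
    return {(int(m.group(1)), int(m.group(2))): m.group(3)
            for m in OBJ_RE.finditer(data)}


def stream_payload(body):
    """Return a stream's decoded bytes, or None if there is no readable stream."""
    start = STREAM_START_RE.search(body)
    if not start:
        return None
    length = LENGTH_RE.search(body)
    if length:
        raw = body[start.end():start.end() + int(length.group(1))]
    else:  # no direct /Length: cut at the endstream keyword, drop its EOL
        end = body.find(b'endstream', start.end())
        raw = body[start.end():end if end >= 0 else len(body)].rstrip(b'\r\n')
    if re.search(rb'/Filter\s*/FlateDecode\b', body):
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return None  # corrupt or multi-filter stream: cannot inspect it
    return raw


def scan_pdf(data):
    """Flag embedded CFF fonts. Returns findings, an opacity flag and a verdict."""
    objects = parse_objects(data)
    findings, referenced = [], set()
    for (num, gen), body in objects.items():
        for ref in FONTFILE3_RE.finditer(body):
            target = (int(ref.group(1)), int(ref.group(2)))
            referenced.add(target)
            note = 'obj %d: /FontFile3 -> obj %d' % (num, target[0])
            font = objects.get(target)
            if font is not None:
                sub = SUBTYPE_RE.search(font)
                if sub:
                    note += ' (/Subtype /%s)' % sub.group(1).decode()
                payload = stream_payload(font)
                if payload is not None and payload.startswith(CFF_HEADER):
                    note += ', payload carries a CFF header'
            findings.append(note)
    # A CFF program nothing points at via /FontFile3 is still worth flagging.
    for (num, gen), body in objects.items():
        if (num, gen) in referenced:
            continue
        payload = stream_payload(body)
        if payload is not None and payload.startswith(CFF_HEADER):
            findings.append('obj %d: unreferenced stream with CFF header' % num)
    opaque = OBJSTM_RE.search(data) is not None
    if findings:
        verdict = 'block'    # an embedded CFF font program is present
    elif opaque:
        verdict = 'inspect'  # objects packed in /ObjStm were not unpacked
    else:
        verdict = 'allow'
    return {'findings': findings, 'opaque_object_streams': opaque,
            'verdict': verdict}


def build_pdf(objects):
    """Assemble a minimal PDF from (number, body) pairs. Constructed sample
    input only: it has no xref table, which the scanner does not need."""
    parts = [b'%PDF-1.4\n']
    for num, body in objects:
        parts.append(b'%d 0 obj\n' % num + body + b'\nendobj\n')
    parts.append(b'%EOF\n')
    return b''.join(parts)


# Constructed samples, not real exploit files: a CFF header plus filler stands
# in for a font program, Flate-compressed the way PDF writers normally emit it.
_CFF_BLOB = zlib.compress(CFF_HEADER + b'\x01' + b'\x00' * 12)
_SKELETON = [(1, b'<< /Type /Catalog /Pages 2 0 R >>'),
             (2, b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>'),
             (3, b'<< /Type /Page /Parent 2 0 R >>')]
SAMPLE_PLAIN = build_pdf(_SKELETON)
SAMPLE_WITH_CFF = build_pdf(_SKELETON + [
    (4, b'<< /Type /Font /Subtype /Type1 /BaseFont /Foo /FontDescriptor 5 0 R >>'),
    (5, b'<< /Type /FontDescriptor /FontName /Foo /FontFile3 6 0 R >>'),
    (6, b'<< /Subtype /Type1C /Filter /FlateDecode /Length %d >>\nstream\n'
        % len(_CFF_BLOB) + _CFF_BLOB + b'\nendstream')])
SAMPLE_OBJSTM = build_pdf(_SKELETON + [
    (7, b'<< /Type /ObjStm /N 3 /First 20 /Length 4 >>\nstream\n0000\nendstream')])
```

Run `scan_pdf(open(path, 'rb').read())` on a downloaded file: SAMPLE_WITH_CFF yields the verdict 'block' with one finding naming object 6 and its Type1C subtype, SAMPLE_PLAIN yields 'allow', and SAMPLE_OBJSTM yields 'inspect' because the scanner refuses to call a file clean when part of its object graph is compressed away where the regexes cannot see it. That third verdict is the important design choice: a filter that only knows how to say yes or no will wave through exactly the files an attacker takes care to pack.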
- Two critical vulnerabilities in iPhone's iOS exploited in jailbreak, a report from The H.