Have you heard of the latest jailbreaking tool recently released by the iPhone Dev Team called the JailbreakMe? Unlike the previous jailbreaks, the JailbreakMe is simply accomplished using the Safari browser loaded on the device. Other jailbreaking tools require these devices to get connected to a computer and run a software update. And the fact that this jailbreaking tool only uses the Safari browser leads to a possible problem in the future.
Apparently, by simply loading a PDF file on your iPhone, iPad or iPod touch you could already be handing over a complete access to your device and which can eventually become a major security threat. This security bug affects almost all devices running iOS 3.1.2 version and higher.
According to websites Gizmodo and CNET, the same technique used in the first web-based Jailbreak for Iphone can be used by hackers and take control of your phone through a program that can be delivered via PDF to any iOS device running 3.1.2 or higher. In other words, simply visiting a web page or loading a PDF file can give other people a total control of your iPhone, iPad or iPod Touch.
This is how it works:
- First, it requires that the user visits a web page using Safari browser
- The web site automatically loads a PDF document and whenever a user loads a PDF document, it has to load the fonts associated with it that usually hides a special program
- When your iOS device tries to display the PDF file, the font inserted into the PDF containing the program will cause it to have a stack overflow
- As a result, the program can pass through the iPhone’s security defense and break out of its protective sandbox , at this point even without any user intervention the program can do whatever it desires inside your iPhone, iPod Touch or iPad such as delete files, transmit files, or even install programs
This is actually not the first time that an incident like this happened. Previously, at the time when iPhone was just beginning, it has also encountered a problem with TIFF files which also caused some security breach. Apple was able to patch the bug after quite some time.
As of present JailbreakMe may be benign, but hackers may find every opportunity to take the software and could reverse-engineer JailbreakMe’s exploit for their own wicked purposes. For now, users must take extra care to avoid this problem. Make it a habit to check the links you open and do not open any PDF file unless you are absolutely sure that it comes from a well trusted source.
You might also like
Story by pinoytutorial