Apple's iPhone PDF Exploit. Scared? (Exploited already by Jailbreak)

[Mike225]

Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all iOS 4 devices and the iPad.

http://www.macstories.net/iphone/how-to-prevent-ios-from-automatically-loading-pdfs-vulnerability/
http://gizmodo.com/5603319/new-apple-security-breach-gives-complete-access-to-your-iphone

 

[chakraj]

So do the fix ??

 

[Mike225]

So do the fix ??

Is the SSH vulnerability patched yet?

 

[Ryan1524]

So when Apple patches this....who's going to update? and will it break the jailbreak?

 

[TruckdriverSean]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.

 

[JediZenMaster]

I'm not really scared because only an idiot would open a PDF or any file for that matter that was foreign to them. Some people need to exercise common sense.

 

[Mike225]

I'm not really scared because only an idiot would open a PDF or any file for that matter that was foreign to them. Some people need to exercise common sense.

Why would someone normally be scared of a PDF?

 

[alent1234]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.

you do realize that JB is nothing more than taking advantage of Apple's security bugs. it's nothing magical about it. the first suspects are buffer overruns and you bombard the OS with corrupt data until you find a bug.

most of the security issues in Windows years ago was buffer overruns. you create a variable to hold data with say 10 characters but you don't check that it only will take no more than 10. you throw 11 or more at it and it causes a buffer overrun that gives you control over some function.

 

[JediZenMaster]

Why would someone normally be scared of a PDF?

Because if it comes from a source that your not familiar with then why open it? Even if it's a PDF if it comes from a strange place don't open it.

 

[Mike225]

Because if it comes from a source that your not familiar with then why open it? Even if it's a PDF if it comes from a strange place don't open it.

What if a MacRumors user uploaded it and said it was a document or advertisement he was working on? next you will tell me you wouldn't open a JPEG if Preview had a vulnerability and it was from an unknown source, Im sure.

 

[Cynikal.Mindset]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.

The PDF warning fix does not patch or break the ability to jailbreak, its a pop up warning that some PDF file is trying to load on your phone. Works quite well actually, just tested it out on the jailbreakme.com site

 

[kas23]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.

You can upload an shsh blob of your 4.01. This will allow you to revert back to 4.01 if you accidently (or purposely) update your firmware in the future. As long as you have the ability to revert back to 4.01, you will always have the option to jailbreak. And if you please, after jailbreaking, you can close the security hole yourself. It's ironic that the only way to fix a huge security risk right now is to jailbeak by exploiting this same security hole.

http://www.ihackintosh.com/2010/07/how-to-backup-ios-4-shsh-blobs-for-iphone-4/

 

[JediZenMaster]

What if a MacRumors user uploaded it and said it was a document or advertisement he was working on? next you will tell me you wouldn't open a JPEG if Preview had a vulnerability and it was from an unknown source, Im sure.

I Don't open files from unknown places and people i don't know period.

 

[admanimal]

Is the SSH vulnerability patched yet?

Why would they bother fixing something that is only a problem if you jailbreak?

 

[silver8ack]

I Don't open files from unknown places and people i don't know period.

What if someone hacked yahoo.com and made it the home page.

Oh you don't go to yahoo.com.

You are 1337.

 

[ZenoVT]

I Don't open files from unknown places and people i don't know period.

It's not a matter of choosing to open a pdf file or not. You could go to a seemingly harmless site and it redirects you to a pdf file that will wreck your phone. Oops

 

[JediZenMaster]

What if someone hacked yahoo.com and made it the home page.

Oh you don't go to yahoo.com.

You are 1337.

I hope you have enough straws to grasp.

 

[Mike225]

Why would they bother fixing something that is only a problem if you jailbreak?

Because you must SSH in (By jailbreaking using the exploit) to patch the PDF exploit. Its a little complicated to a novice I guess.

 

[Mike225]

I hope you have enough straws to grasp.

How old are you? You are the most unintelligent person on the forum Ive seen (And thats pretty amazing, especially on this site)

 

[JediZenMaster]

How old are you? You are the most unintelligent person on the forum Ive seen (And thats pretty amazing, especially on this site)

Thanks. Ask me if i care what someone on a message board thinks of me.

 

[Mike225]

Thanks. Ask me if i care what someone on a message board thinks of me.

Do you care when a whole forum can see your ignorance?

 

[JediZenMaster]

Do you care when a whole forum can see your ignorance?

Your entitled to your opinion. I don't care what anyone online thinks of me. Now if your attempting to call me out go ahead. But the fact that you have followed me into 2 Different threads shows how unhinged you are.

 

[Mike225]

Your entitled to your opinion. I don't care what anyone online thinks of me. Now if your attempting to call me out go ahead. But the fact that you have followed me into 2 Different threads shows how unhinged you are.

I started this thread, bright one.

 

[JediZenMaster]

I started this thread

Great and i'm using the block feature now

 

[3N16MA]

I don't open any PDF's that come from unknown sources either. If I don't know who sent it then it gets deleted. If someone took over a site like suggested in this thread then I have no control over something like that. However it seems like someone can come up with any far fetched plan that could get me to open a PDF.