Apple's iPhone PDF Exploit. Scared? (Exploited already by Jailbreak)

TruckdriverSean

macrumors 6502a
Feb 28, 2009
662
4
Texas, US
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.
 

JediZenMaster

Suspended
Mar 28, 2010
2,180
655
Seattle
I'm not really scared because only an idiot would open a PDF or any file for that matter that was foreign to them. Some people need to exercise common sense.
 

alent1234

macrumors 603
Jun 19, 2009
5,661
136
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.

you do realize that JB is nothing more than taking advantage of Apple's security bugs. it's nothing magical about it. the first suspects are buffer overruns and you bombard the OS with corrupt data until you find a bug.

most of the security issues in Windows years ago was buffer overruns. you create a variable to hold data with say 10 characters but you don't check that it only will take no more than 10. you throw 11 or more at it and it causes a buffer overrun that gives you control over some function.
 

Mike225

macrumors 6502a
Original poster
Jul 15, 2010
521
0
SF BAY
Because if it comes from a source that your not familiar with then why open it? Even if it's a PDF if it comes from a strange place don't open it.
What if a MacRumors user uploaded it and said it was a document or advertisement he was working on? next you will tell me you wouldn't open a JPEG if Preview had a vulnerability and it was from an unknown source, Im sure.
 

Cynikal.Mindset

macrumors 6502a
Jul 6, 2010
770
0
Guelph ON, Canada
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.
The PDF warning fix does not patch or break the ability to jailbreak, its a pop up warning that some PDF file is trying to load on your phone. Works quite well actually, just tested it out on the jailbreakme.com site
 

kas23

macrumors 603
Oct 28, 2007
5,627
291
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7)

As Apple's updates almost always break the jailbreak, I'm on the fence about this. I don't want to leave a big gaping security flaw on my iP4, but I don't want to NOT be able to jailbreak later, should I decide to.
You can upload an shsh blob of your 4.01. This will allow you to revert back to 4.01 if you accidently (or purposely) update your firmware in the future. As long as you have the ability to revert back to 4.01, you will always have the option to jailbreak. And if you please, after jailbreaking, you can close the security hole yourself. It's ironic that the only way to fix a huge security risk right now is to jailbeak by exploiting this same security hole.

http://www.ihackintosh.com/2010/07/how-to-backup-ios-4-shsh-blobs-for-iphone-4/
 

JediZenMaster

Suspended
Mar 28, 2010
2,180
655
Seattle
What if a MacRumors user uploaded it and said it was a document or advertisement he was working on? next you will tell me you wouldn't open a JPEG if Preview had a vulnerability and it was from an unknown source, Im sure.
I Don't open files from unknown places and people i don't know period.
 

ZenoVT

macrumors regular
Apr 16, 2009
158
0
I Don't open files from unknown places and people i don't know period.
It's not a matter of choosing to open a pdf file or not. You could go to a seemingly harmless site and it redirects you to a pdf file that will wreck your phone. Oops
 

Mike225

macrumors 6502a
Original poster
Jul 15, 2010
521
0
SF BAY
Why would they bother fixing something that is only a problem if you jailbreak?
Because you must SSH in (By jailbreaking using the exploit) to patch the PDF exploit. Its a little complicated to a novice I guess.
 

JediZenMaster

Suspended
Mar 28, 2010
2,180
655
Seattle
Do you care when a whole forum can see your ignorance?
Your entitled to your opinion. I don't care what anyone online thinks of me. Now if your attempting to call me out go ahead. But the fact that you have followed me into 2 Different threads shows how unhinged you are.
 

Mike225

macrumors 6502a
Original poster
Jul 15, 2010
521
0
SF BAY
Your entitled to your opinion. I don't care what anyone online thinks of me. Now if your attempting to call me out go ahead. But the fact that you have followed me into 2 Different threads shows how unhinged you are.
I started this thread, bright one. ;)
 

3N16MA

macrumors 65816
Jul 23, 2009
1,011
177
Space
I don't open any PDF's that come from unknown sources either. If I don't know who sent it then it gets deleted. If someone took over a site like suggested in this thread then I have no control over something like that. However it seems like someone can come up with any far fetched plan that could get me to open a PDF.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.