PLEASE READ THIS if you have jailbroken your iPhone using Jailbreakme.com

Status
Not open for further replies.

iMoo

macrumors regular
Original poster
Jun 13, 2010
231
5
http://9to5mac.com/node/20643

Please read the above link for the original article.

I have caped the "Pleas Read" as this does sound quite serious so thought i would get this on here as soon as poss. This info is for iPhones if Jailbroken or not.

I have copied and pasted below for your viewing incase you do not wish to go through the link, all wording is not my own and credit goes to 9to5mac


"The Jailbreakme bigger issue: iOS is now wide open for security exploitations
Seth Weintraub
|
August 02, 2010
|

* iProducts

Share8

Jailbreaking iPhones has been around for awhile but Comex's 4.0 Jailbreakme.com is different in one huge way that shouldn't sit well with you if you are on an iOS device. The jailbreak happens without any user intervention because of a security hole in iOS that allows a website to write data to your iPhone. Obviously if you can jailbreak an iPhone remotely, you can do just about anything else you want to it.

Your iOS device is insecure is such a big and obvious way right now. You should be extremely careful of what sites you visit.

MacStories details how a FlateDecode vulnerability is used as a PDF File embedded within a Web page (believe us, hackers already know this and are working on this as quickly as Apple is readying a fix). Basically iOS tries to parse the PDF file from the Web but, in doing so, it executes some code, that in this case allows you to jailbreak your device. It isn't rocket science to have it do something completely different.

Apple has to fix this almost immediately in an update. I imagine this is one of those "no one sleeps until an update is ready" type of moments in the iOS security team. Maybe not, but this is rather large.

Unfortunately, the reality is that not everyone updates their iPhone for every security risk. Even Steve Jobs was shown to be months behind security vulnerabilities on his iPhone. If Steve Jobs doesn't keep his iPhone current, there are going to be lots of people out there who are susceptible for a long time. Corporate IT managers are going to have a great time rounding up mobile workforces and force updates. That sales guy in Europe? That's just the beginning.

This has happened before without major incident:

The original iPhone jailbreak was a similar situation where a TIFF file format was exploited to gain control of the iPhone. However, that was a long time ago and a lot of iPhones have been sold since then. And iPods and iPads. The iOS is a much bigger target now and the rewards are much greater for hackers.

Ironically, one of the only ways to make sure your device is immune from such an attack is to jailbreak it and install a little code that will bring up a pop-up window before allowing the PDF to run on your computer. Pasted again from MacStories below.



Tweeted by @cdevwill earlier today, all you have to do is download this .deb file and open it on your device using either Terminal from your Mac, or iFile on the iPhone. Just download it and place it in /var/mobile.

- Using Terminal:

ssh root@your IP address

alpine

dpkg -i file.deb

Where “alpine” is the default password you’ll get after installing Open SSH from Cydia and “your IP address” is located under Settings – > Wifi – > active wifi connection.

- Using iFile:

Navigate to /var/mobile and double tap on the .deb file to install it.

Please be aware that this won’t fix the issue, but it’ll simply ask you if you really want to open a .PDF every single time. If the source is trusted, you can confirm. But if you happen to visit a website that tries to install malicious stuff on your iPhone using @comex’s method, then you’ll be able to kill it.

Apple will surely address the bug in a future iOS release, but if you want to be safe right now – give it a try."
 

jonjames

macrumors regular
Feb 20, 2009
121
0
We are all going to loose all of our personal info. We should all throw our phones in the river, then run and hide!
 

bushido

Suspended
Mar 26, 2008
8,070
2,754
Germany
i'm not worried ive never been hacked "not even on my windows :eek:" and there isnt rly anything to find that's newsworthy on my iphone anyway lol
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.