PLEASE READ THIS if you have jailbroken your iPhone using Jailbreakme.com

Discussion in 'Jailbreaks and iOS Hacks' started by iMoo, Aug 2, 2010.

Thread Status:
Not open for further replies.
  1. iMoo macrumors regular

    iMoo

    Joined:
    Jun 13, 2010
    #1
    http://9to5mac.com/node/20643

    Please read the above link for the original article.

    I have caped the "Pleas Read" as this does sound quite serious so thought i would get this on here as soon as poss. This info is for iPhones if Jailbroken or not.

    I have copied and pasted below for your viewing incase you do not wish to go through the link, all wording is not my own and credit goes to 9to5mac


    "The Jailbreakme bigger issue: iOS is now wide open for security exploitations
    Seth Weintraub
    |
    August 02, 2010
    |

    * iProducts

    Share8

    Jailbreaking iPhones has been around for awhile but Comex's 4.0 Jailbreakme.com is different in one huge way that shouldn't sit well with you if you are on an iOS device. The jailbreak happens without any user intervention because of a security hole in iOS that allows a website to write data to your iPhone. Obviously if you can jailbreak an iPhone remotely, you can do just about anything else you want to it.

    Your iOS device is insecure is such a big and obvious way right now. You should be extremely careful of what sites you visit.

    MacStories details how a FlateDecode vulnerability is used as a PDF File embedded within a Web page (believe us, hackers already know this and are working on this as quickly as Apple is readying a fix). Basically iOS tries to parse the PDF file from the Web but, in doing so, it executes some code, that in this case allows you to jailbreak your device. It isn't rocket science to have it do something completely different.

    Apple has to fix this almost immediately in an update. I imagine this is one of those "no one sleeps until an update is ready" type of moments in the iOS security team. Maybe not, but this is rather large.

    Unfortunately, the reality is that not everyone updates their iPhone for every security risk. Even Steve Jobs was shown to be months behind security vulnerabilities on his iPhone. If Steve Jobs doesn't keep his iPhone current, there are going to be lots of people out there who are susceptible for a long time. Corporate IT managers are going to have a great time rounding up mobile workforces and force updates. That sales guy in Europe? That's just the beginning.

    This has happened before without major incident:

    The original iPhone jailbreak was a similar situation where a TIFF file format was exploited to gain control of the iPhone. However, that was a long time ago and a lot of iPhones have been sold since then. And iPods and iPads. The iOS is a much bigger target now and the rewards are much greater for hackers.

    Ironically, one of the only ways to make sure your device is immune from such an attack is to jailbreak it and install a little code that will bring up a pop-up window before allowing the PDF to run on your computer. Pasted again from MacStories below.



    Tweeted by @cdevwill earlier today, all you have to do is download this .deb file and open it on your device using either Terminal from your Mac, or iFile on the iPhone. Just download it and place it in /var/mobile.

    - Using Terminal:

    ssh root@your IP address

    alpine

    dpkg -i file.deb

    Where “alpine” is the default password you’ll get after installing Open SSH from Cydia and “your IP address” is located under Settings – > Wifi – > active wifi connection.

    - Using iFile:

    Navigate to /var/mobile and double tap on the .deb file to install it.

    Please be aware that this won’t fix the issue, but it’ll simply ask you if you really want to open a .PDF every single time. If the source is trusted, you can confirm. But if you happen to visit a website that tries to install malicious stuff on your iPhone using @comex’s method, then you’ll be able to kill it.

    Apple will surely address the bug in a future iOS release, but if you want to be safe right now – give it a try."
     
  2. Shoesy macrumors 6502a

    Shoesy

    Joined:
    Jun 21, 2007
    Location:
    Colchester, UK.
    #2
    Surely makes no difference whether you visit the site or not- right now we're wide open.
     
  3. joshuasiphone macrumors newbie

    Joined:
    Jun 14, 2008
    #3
    Makes no difference right now. The exploit is there whether you visit the site or not.
     
  4. budman1961 macrumors regular

    Joined:
    Mar 9, 2010
    #4
    I just peed myself a little.........a little knowledge is a dangerous thing....:D
     
  5. Chodite macrumors 6502a

    Chodite

    Joined:
    Sep 23, 2007
    Location:
    Baltimore, MD
    #5
    Explains why Comex Tweeted last night, "I wonder how long until someone figures out the actual bug I'm exploiting."
     
  6. goobot macrumors 603

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #6
    First off this doesn't matter if you are jailbroken or not. And this is on the front page.
     
  7. chakraj macrumors 65816

    chakraj

    Joined:
    Feb 6, 2008
    Location:
    So Cal
    #7
    How do you get the .deb file onto your phone? SSH? is there any other way?
     
  8. jonjames macrumors regular

    Joined:
    Feb 20, 2009
    #8
    We are all going to loose all of our personal info. We should all throw our phones in the river, then run and hide!
     
  9. bushido Suspended

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Germany
    #9
    i'm not worried ive never been hacked "not even on my windows :eek:" and there isnt rly anything to find that's newsworthy on my iphone anyway lol
     
  10. Alxvasqz12 macrumors member

    Joined:
    Jun 14, 2010
    Location:
    Texas
    #10
    this should worry everyone not just people who jailbreaked their phone
     
  11. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
Thread Status:
Not open for further replies.

Share This Page