iPhone Jailbreak Uses a PDF Display Vulnerability 289
adeelarshad82 writes "Latest reports indicate that the website that 'jailbreaks' iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have been several other vulnerabilities in the past in iOS CoreGraphics PDF components." As Gruber points out, the proper term for this is not "jailbreak," but "remote code exploit in the wild."
Re:PDF (Score:5, Insightful)
Poor Dumb *Explicit*s
Re:PDF (Score:5, Insightful)
I forget can some one remind me what P.D.F. stands for again?
Programmable Digital-executable Format
And they've almost got every means of binary execution crammed in.
It's a feature... (Score:2, Insightful)
It's really funny to see how this is treated by the mass media. They make it sound like it's a feature...
PDF? (Score:2, Insightful)
It's Adobe's revenge!
Re:It's a feature... (Score:4, Insightful)
Re:The new jailbreak is amazing (Score:5, Insightful)
Yes, excellent job. Now you just ran an app on your hand held computer that rooted it from a browser. Amazing work of the hackers aside, are you certain you now know for sure your phone is not spying on you and is not going to be used for something you do not want, like someone else using your connection for long distance calls or for spam or DDOS attacks or just a part of some cellular botnet?
Amazing job - someone rooting your phone through a PDF.
Re:Not a virus (Score:2, Insightful)
In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...
If you consider jailbreaking the iPhone a favor to the user. The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices. When I posted the 'browser jailbreak' story the other day I included this (which was not included in version that posted by the editor):
The ability to modify iOS simply by visiting a website leaves these iDevices vulnerable to all sorts of malicious possibilities. I'd bet the ranch that Apple isn't the only one analyzing the website in order to diagnose this major security hole ... so are those with more nefarious intentions.
The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own". Clearly it's Apple responsibility to fix this ASAP (and their fault for letting it get into customer's hands), so they better get on it before someone else starts turning things into iP0wns.
Re:This is really tiresome (Score:3, Insightful)
In the computing world we live in, where performance is everything, and correctness merely nice to have, yes, yes it is that hard. Until we start using highly abstracted, highly statically checked languages, and implementing proofs that things like buffer overruns happen, this is the sad reality we live in.
Re:Not a virus (Score:2, Insightful)
Unlike open systems, they do largely prevent users from doing stupid stuff. However, because some percentage of users wish to escape the controls(which are never entirely benevolent, the temptation to rent-seek is just too strong), those users and the platform vendor become adversaries.
On an open system, the incentives of the user and the platform vendor are aligned: both want it to be as secure as possible. In a closed system, some percentage of the users actively depend on the existence of vulnerabilities, and wish to prolong that existence as much as possible, in order to secure their freedom from the platform vendor's control.
This is, of course, in addition to black hats, who have an equal desire for the existence of unknown security flaws on both closed and open platforms.
Interesting... (Score:2, Insightful)
That Tavis Ormandy is torn apart for releasing a more complicated vulnerability, but jailbreaking your phone just by clicking a url is widely celebrated. How difficult is it really gonna be to weaponize this jailbreak...
Re:Adobe Strikes Back! (Score:5, Insightful)
More relevant to modern readers, most OEMs seem to ship consumer-focused systems with vaguely up-to-date-but-just-a-bit-behind versions of Flash(and acrobat reader, and other stuff). This isn't strictly microsoft's fault; but it is what you are likely to get out of the box.
Re:Not a virus (Score:2, Insightful)
They are not connected to the internet as much, and their bandwidth is not as great as most drone computers.
Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.
They would be fantastic for data mining, and fraud, but as part of a botnet they just dont have the resources a good ol desktop has.
PDF is iOS core (Score:5, Insightful)
If you consider jailbreaking the iPhone a favor to the user.
The users who are doing it would, that's why they are doing it!
The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices.
Oh, I totally agree - it's a pretty bad security flaw, and has nice demonstration code for how to exploit it as well so it's pretty much the worst possible case.
That's why it's so interesting to see if there are in fact followup malicious attacks.
The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own".
No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader....
Clearly it's Apple responsibility to fix this ASAP (and their fault for letting it get into customer's hands), so they better get on it before someone else starts turning things into iP0wns.
It is 100% on Apple to get a fix out. With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).
Re:The new jailbreak is amazing (Score:5, Insightful)
Pardon my language, but, what the fuck?
If my web browser is such that browsing to a page can lead to code execution as root, that's bad. I don't care if the system is open or closed or what government agency might be listening in, it is a serious vulnerability any way you slice it. It should be patched.
Your comment is entirely irrelevant to the post it is replying to. You're phrasing it as a rebuttal of some kind, but it does not say anything to this point.
Re:Explois and wikileaks (Score:2, Insightful)
Its actually not hard to read the entire exploit yourself from the site. Change your browsers useragent to an iPhone like string, and inspect the javascript on the page. i scoffed when i found the function that makes the url to the exploit file:
function get_page() {
return model == null ? null : ("/_/" + model + "_" + firmware + ".pdf")
}'
Re:The new jailbreak is amazing (Score:5, Insightful)
Your comment is ridiculous, yet moderated at +5 Insightful. If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.
If you buy products from a company that does not release source code that is a different issue completely. Yes, a company can be providing governments with your information. No, it does not make it OK for the phone from that company to be exploitable the way iphone is.
Re:It's a feature... (Score:5, Insightful)
I looked at the web page for my local newspaper today and it featured two headlines right above one another:
1. iPhone4 Jailbreak Offers Apps to Millions
2. Microsoft Windows Flaw Leaves Millions Vulnerable to Hackers and Malware
I guess we always knew that mass media lives well inside the reality distortion field, but still ...
Re:PDF (Score:4, Insightful)
The joke is that this so-called "document format" is going way outside its original scope and now supports so much scripting that it might as well be a library for executable files.
Re:It's a feature... (Score:5, Insightful)
It says nothing about Apple's policies and everything about the mass media.
Not really an issue (Score:3, Insightful)
This might be useless if the 3G/4G networks gets blasted by a ton of zombied iPhones and updates can't get to the phone so easily.
The updates comes through iTunes on the users home connection, not over the cell network.
Or possibly you could use this to disable the network entirely and essentially brick it until reset to default.
That implies an exponential spread which would mean a real virus. A website or two that spread malicious code would be unable to have this effect. There's really not a good way you could get a virus going on the iPhone, it's not like they are listening to the internet at large for incoming data or have open ports you can do something with.
Besides, on AT&T, how would you be able to tell?
Re:It's a feature... (Score:3, Insightful)
Re:I hear differently from Users (Score:3, Insightful)
What about not including it by default, but not banning it either, and letting people install it if they choose to?
Re:Does not compute... (Score:5, Insightful)
Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles? It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles, while a similar (to my mind; feel free to put me right) approach to a phone is evil.
As for the exploit that makes this jailbreaking possible, I sympathize with people who wish to jailbreak their phone, but I hope this particular exploit is closed as soon as possible. I've heard there are some unscrupulous types in tha intarweb who might consider using such a thing for less than altruistic purposes.
OK, maybe a touch of sarcasm after all.
Re:Does not compute... (Score:3, Insightful)
You have to admit though, that the whole thing is extremely user-friendly even when jailbreaking. No stupid yellow pop-up ActiveX warnings, just tap here, slide there, and off you go. I wonder how much Apple influence was there when the UI was designed for this jailbreak. Compare how nice it looks next to most PC-based cracks/hacks that one can download. I'm half-serious here.
Re:I hear differently from Users (Score:4, Insightful)
Re:Does not compute... (Score:3, Insightful)
Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles?
When I talk about Apple and use words like 'walled-garden' and 'open' my post has the word 'Insightful' appear next to it. That doesnt work as well in console threads, so I use words like "defective-by-design' and 'RROD' to make it appear.
Re:I hear differently from Users (Score:1, Insightful)
Re:Does not compute... (Score:5, Insightful)
I think the difference is that to many people, a phone is an important part of everyday life. You use it to track appointments, keep in touch with people, read email, surf the web, get information, etc. It's a very personal device.
On the other hand, a game console isn't very personal. While you can personalize it in some ways, it never really rises above the straightforward tasks of playing games and other media. And since you don't (usually) take it with you, a game console is just not going to be as integral to your everyday life as a phone.
So, when it seems like someone else has control over your phone, it's much more unsettling. You think of it and everything on it as "yours," and every time you're reminded that someone else holds all the keys to it, that illusion is dispelled a little bit more.