Three days ago a new version (v3) of Jailbreakme (aka jbme3.0), the website used to jailbreak Applie iOS devices (such as iPhone, iPod Touch and iPad), was released. The site takes advantage of userland-based exploits to take full control of these devices by simply visiting a web page. This v3 version makes use of a 0-day PDF vulnerability on a first stage, and a iOS kernel vulnerability to elevate privileges on a second stage. These vulnerabilities affects multiple Apple devices and versions, up to iPad2 and iOS 4.3.3. As far as we know, Apple has not released an official update yet against these vulnerabilities (although it's working on it), so all devices are at risk. If you have a jailbroken device, it is recommended to install “PDF Patcher 2” from Cydia to eliminate this risk (any firmware version). More details on the Dev Team blog: http://blog.iphone-dev.org. The common but not very realistic recommendation applies: do not open "malicious" PDF files or visit untrusted websites (using Mobile Safari)! I always wonder how end users can determine if a PDF or web page is malicious before opening it... probably those that contain the word malicious on its name or domain name :) ---- |
Raul Siles 152 Posts Jul 10th 2011 |
Thread locked Subscribe |
Jul 10th 2011 9 years ago |
" I always wonder how end users can determine if a PDF or web page is malicious before opening it..."
Through RFC 3514 of course :) http://tools.ietf.org/html/rfc3514 |
Anonymous |
Quote |
Jul 13th 2011 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!