JailbreakMe is a web-based process of jailbreaking the iPhone, and its smoother than a ferry ride home from Alcatraz. Although it’s good news if your a timid Apple device owner who is hungry for “unsanctioned” apps, it raises security questions about such an escape.
JailbreakMe unlocks your iOS device by taking advantage of a simple flaw in the way the iOS renders Adobe PDF files. By setting an iOS device free, you can get apps outside of the iTunes App Store, like Cydia, on your iPod, iPhone or iPad. If you get a bit scared and need to get back in the Apple box, no problem, just restore your device in iTunes. Even though the Library of Congress ruled this month that jailbreaking is legal and does not violate the Digital Millennium Copyright Act, its of course going to put you in the hot seat with Apple if you ever try to make a warranty claim. Apple cautions that these practices will terminate your warranty. Despite Apple’s warning, it’s estimated that 3 million jailbroken devices already exist. But as the number of jailbreakers increase, so is the likelihood that Apple will fix this flaw in an attempt to banish competitors and security threats from their sacred utopia. Besides, what else could this flaw be used to gain, aside from any personal information you may have on disk and a bunch of Apple devices in their stores.
Pranksters have been going into Apple stores and visiting JailbreakMe, then cracking the very demo devices Apple uses to sell to customers. Now of course, this is like tossing some camp fuel on that already roaring fire. If people want to keep JailbreakMe around, their going to have to be a little more hush about it. Apple has already taken steps and blocked Jailbreakme.com from their in-store Wi-Fi network. The next step is a fix for the terrifying exploit, which Apple says is coming this week. As it stands, any website carrying the malicious code that you visit can in effect crack your iDevice and retrieve all your private data, now that’s a bit scary.
You simply go to MobileSafari, enter JailBreakme.com, then push the slider to the right to begin the jailbreaking exploitation process. It downloads, it Jailbreaks, you sit tight.
The information regarding this security hole has been made public by the U.S. Computer Emergency Response Team. The good news is this will force a fix to be made sooner rather then later. The bad news, now malicious clones will be spawned, and until the fix is released, be very careful of what sites you visit on your Apples.
The vulnerability uses FreeType, and this is how it works:
FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers, web browsers, and other applications. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution.
By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.
Stay tuned for more updates this week.
JailBreakMe.com [The one and only] Apple to patch JailbreakMe.com flaw this week [ZDNet] Apple Blocks Jailbreakme.com From Stores, Pranksters Undeterred [Wired]