Home » Uncategorized » JailbreakMe takes advantage of iOS security flaw: Why you need to worry about it
The screen where it all begins.
The screen where it all begins.

JailbreakMe takes advantage of iOS security flaw: Why you need to worry about it

The screen where it all begins.

JailbreakMe is a web-based process of jailbreaking the iPhone, and its smoother than a ferry ride home from Alcatraz.  Although it’s good news if your a timid Apple device owner who is hungry for “unsanctioned” apps, it raises security questions about such an escape.

JailbreakMe unlocks your iOS device by taking advantage of a simple flaw in the way the iOS renders Adobe PDF files.  By setting an iOS device free, you can get apps outside of the iTunes App Store, like Cydia, on your iPod, iPhone or iPad.  If you get a bit scared and need to get back in the Apple box, no problem, just restore your device in iTunes. Even though the Library of Congress ruled this month that jailbreaking is legal and does not violate the Digital Millennium Copyright Act, its of course going to put you in the hot seat with Apple if you ever try to make a warranty claim. Apple cautions that these practices will terminate your warranty.  Despite Apple’s warning, it’s estimated that 3 million jailbroken devices already exist.  But as the number of jailbreakers increase, so is the likelihood that Apple will fix this flaw in an attempt to banish competitors and security threats from their sacred utopia. Besides, what else could this flaw be used to gain, aside from any personal information you may have on disk and a bunch of Apple devices in their stores.

Pranksters have been going into Apple stores and visiting JailbreakMe, then cracking the very demo devices Apple uses to sell to customers. Now of course, this is like tossing some camp fuel on that already roaring fire. If people want to keep JailbreakMe around, their going to have to be a little more hush about it. Apple has already taken steps and blocked Jailbreakme.com from their in-store Wi-Fi network. The next step is a fix for the terrifying exploit, which Apple says is coming this week. As it stands, any website carrying the malicious code that you visit can in effect crack your iDevice and retrieve all your private data, now that’s a bit scary.

You simply go to MobileSafari, enter JailBreakme.com, then push the slider to the right to begin the jailbreaking exploitation process. It downloads, it Jailbreaks, you sit tight.

The information regarding this security hole has been made public by the U.S. Computer Emergency Response Team. The good news is this will force a fix to be made sooner rather then later. The bad news, now malicious clones will be spawned, and until the fix is released, be very careful of what sites you visit on your Apples.

The vulnerability uses FreeType, and this is how it works:

FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers, web browsers, and other applications. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution.

By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.

Stay tuned for more updates this week.

JailBreakMe.com [The one and only] Apple to patch JailbreakMe.com flaw this week [ZDNet] Apple Blocks Jailbreakme.com From Stores, Pranksters Undeterred [Wired]

About Nikki Heeren

I'm a Kindle-carrying nerd with a love of technology, mobile, gadgets, automobiles and green tech! I have a master's degree in education and have experience teaching about one of nature's greatest technology- worm composting. I love all animals, not just worms, and believe their energy effects us all in ways we cannot comprehend.

Check Also

wii-oculus-rift-hoverboard

Try Oculus Rift And Wii To Roam Around On The Back To The Future Hoverboard

Check out how you can fly in virtual space by using an Oculus Rift and a Wii Balance Board.

131129-amz

Amazon Appstore for Android Holiday Deals, Including Free Apps

There are tons of deals from the Amazon Appstore that will be offered starting now and throughout the holiday shopping season. They say that they will have "hundreds of titles that are eitehr free... or available between 50-90% off" the regular price.

131129-google

Black Friday: Google Play Store Apps, Games and Content on Sale All Weekend

Case in point, if you head over to the Google Play Store right now, you'll find that Google is celebrating all Cyber Weekend with discounts on all sorts of content. This includes many popular apps and games

131129-gtab

Black Friday Deal: Samsung Galaxy Tab 3 10.1-Inch for $100 Off

Did you manage to score any epic Black Friday deals this morning? Are you still ...

131128-diy

Arduino Co-Creator Releases Plans for $200 DIY Mobile Phone

Mellis was one of the people who came up with the now hugely popular Arduino platform and now he has come up with plans for people to build their own cell phone for about $200 in parts.

131128-apple

No Discounts for Apple Black Friday, Just Free Gift Cards

If you were hoping to save yourself some cash as you brave the Black Friday shopping crowds, you'll want to go somewhere other than the official Apple Stores.