Online iPhone Jailbreak Uses iOS Vulnerabilities

  • Posted on: August 4, 2010 at 1:57 pm
  • Posted in: Exploits, Vulnerabilities
  • Author: Jonathan Leopando (Technical Communications)

Earlier this week, a jailbreak for Apple’s iPhone 4 was released to the public by a developer known as “Comex.” By visiting a special website, users are able to jailbreak their devices far more easily than they could in the past. In addition to the iPhone 4, older Apple products running iOS can also be jailbroken this way. (Jailbreaking occurs when users modify the OS of their iPad, iPhone, and iPod Touch devices to run applications without passing through Apple’s app store.)

Well-known Apple security researchers like Charlie Miller have commented favorably on the quality of the jailbreak. The jailbreak exploits two separate vulnerabilities. The first lies in how the Safari browser handles PDF files: a PDF file can contain a specially crafted embedded font that causes arbitrary code execution. It appears to be related or identical to a similar Mac OS X flaw that was patched in March. The second vulnerability is used to gain elevated privileges on the device, but details on it are not publicly available.

Nothing prevents malicious users from using the same techniques jailbreak developers use to push malware onto iOS devices. So far, no attacks have been reported, but this may not be the case in the future. There has been no official word from Apple about a patch for this flaw.

Users can use Trend Micro’s Smart Surfing for iPhone application, which provides protection against malicious websites, including those targeting iOS devices. For example, the site containing the jailbreaking code is currently blocked as shown below.

Thanks to Product Manager Warren Tsai for providing the details on the exploits used.

Update as of August 5, 2010, 3:04 a.m. UTC

Trend Micro now detects the PDF files used for this as TROJ_PIDIEF.HLA.

Although there is no malicious payload currently linked to the said file, it could very easily be used for malicious attacks. As Advanced Threats Researcher Joey Costoya states, “At this point, anybody could just create a PDF file with malicious payload using the same exploit. They already have the exploit PDF available publicly (via the jailbreak site). All they need now is to modify the exploit payload.”

Update as of August 12, 2010, 3:11 a.m. UTC

Apple released security updates to address the vulnerabilities used for the jailbreak. The advisory describes the vulnerabilities as a stack buffer overflow vulnerability which exists in FreeType’s handling of CFF opcodes and an integer overflow vulnerability in the handling of IOSurface properties. iPhone, iPod and iPad users are strongly advised to apply the updates as soon as possible.
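The advisory's first item is a stack buffer overflow in the handling of CFF opcodes. The C sketch below is an added illustration of that bug class and of the checks that prevent it; it is not FreeType's or Apple's code. The names `t2_run` and `t2_pen` are hypothetical, the 48-entry limit and number encodings follow Adobe's Type 2 charstring format, and only the `rmoveto` and `endchar` operators are implemented.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define T2_MAX_ARGS 48  /* operand-stack limit in the Type 2 charstring spec */
enum { T2_OK, T2_OVERFLOW, T2_UNDERFLOW, T2_TRUNCATED, T2_UNSUPPORTED };
struct t2_pen { int64_t x, y; size_t max_depth; };

/* Hypothetical checker: decodes operands, applies rmoveto, rejects bad input. */
int t2_run(const uint8_t *cs, size_t len, struct t2_pen *pen)
{
    int32_t stack[T2_MAX_ARGS];
    size_t sp = 0, i = 0;
    pen->x = pen->y = 0; pen->max_depth = 0;
    while (i < len) {
        uint8_t b0 = cs[i++];
        if (b0 < 32 && b0 != 28) {                /* operator byte */
            if (b0 == 14) return T2_OK;           /* endchar */
            if (b0 != 21) return T2_UNSUPPORTED;  /* subset: rmoveto only */
            if (sp < 2) return T2_UNDERFLOW;      /* rmoveto pops dx, dy */
            pen->x += stack[sp - 2];
            pen->y += stack[sp - 1];
            sp = 0;                               /* operator clears the stack */
            continue;
        }
        /* Operand: number of bytes that follow b0 in this encoding. */
        size_t extra = (b0 == 28) ? 2 : (b0 == 255) ? 4 : (b0 >= 247) ? 1 : 0;
        if (len - i < extra) return T2_TRUNCATED; /* never read past the input */
        int32_t v;
        if (b0 == 28 || b0 == 255)                /* 16-bit int, or 16.16 integer part */
            v = (int16_t)((cs[i] << 8) | cs[i + 1]);
        else if (b0 >= 251) v = -(b0 - 251) * 256 - cs[i] - 108;
        else if (b0 >= 247) v = (b0 - 247) * 256 + cs[i] + 108;
        else                v = b0 - 139;
        i += extra;
        if (sp >= T2_MAX_ARGS) return T2_OVERFLOW; /* bound checked before every push */
        stack[sp++] = v;
        if (sp > pen->max_depth) pen->max_depth = sp;
    }
    return T2_TRUNCATED;                          /* ran out of bytes before endchar */
}

int main(void)
{
    const uint8_t sample[] = { 239, 119, 21, 14 }; /* constructed: 100 -20 rmoveto endchar */
    struct t2_pen pen;
    int rc = t2_run(sample, sizeof sample, &pen);
    printf("rc=%d x=%lld y=%lld\n", rc, (long long)pen.x, (long long)pen.y);
}
```

An interpreter that pushes operands without the `sp >= T2_MAX_ARGS` test writes past the end of `stack`, which sits on the call stack; that is why the depth check comes before every push and the underflow check before every pop.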
