PDF Vulnerability Exposed by JailbreakMe

The JailbreakMe website which allows users to have a browser-based jailbreak for their iOS devices is great for jailbreakers, but works because of a vulnerability in iOS: the iPhone automatically downloads PDF files, and the developer, Comex injected the jailbreak code into the FlateDecode stream section of the file.

This is a clear problem for Apple and for non-jailbreakers. Why is it not a problem for jailbreakers? Well, once the device is jailbroken, you can patch the hole, to prevent malware from using the same trick to hack into your iPhone. The fix, or rather the workaround, comes from @cdevwill on Twitter on Monday.

cdevwill's change will present a user with a warning whenever a PDF file is about to be opened by iOS. This will prevent a malicious website from loading malware using a PDF file without the user's knowledge.

In fact, if you look, the fix should be on Cydia later today as "PDF Warning Loader." That should include everything you need to install the fix easily. If instead, you can't wait, you'll have to follow the following instructions (assuming you've already jailbroken your iPhone) and installed OpenSSH from Cydia.

Download this .deb file. Place it in /var/mobile on your device.

Then, you need to open it on your device. On the Mac, you can use Terminal, as follows:
  • ssh root@your IP address
  • alpine (default password for SSH; if you've changed it use that new password)
  • dpkg -i file.deb
Your IP address is located under Settings, Wifi, active wifi connection.

Using iFile: on your iPhone, simply navigate to /var/mobile and double tap on the .deb file to install it.

Once again, you can try to look for the package to appear on Cydia, and as we also said, this is really just a safeguard / workaround. Apple will have to patch this security hole in a future update of iOS (which will also, naturally, close this jailbreak).