Peter Binder A new jailbreak was released this week (instructions here), which is unparalleled in its simplicity. All you have to do is open mobile safari, enter the web address there www.jailbreakme.com, move the slider and then wait a few minutes. However, this simplicity exposed a serious security flaw.
JailbreakMe is solved very smartly. Hackers discovered that the iPhone automatically downloads PDF files, so they inserted the jailbreak code into the PDF file. It allowed that after entering the website www.jailbreakme.com just slide the slider, wait a while and the jailbreak is done.
But what is more important is that these hackers drew attention to a security flaw that can be used by practically anyone. All he has to do is insert the malicious code into the PDF file and your iPhone will automatically download it and subsequently cause you unpleasant problems.
We bring you instructions on how to prevent automatic downloads at least a little, because before every download of a PDF file you will be asked whether you want to download the file or not. The instructions can be done either using the Terminal or the iFile application. Due to less complexity, we will use the second option - i.e. using the iFile application.
We will need:
- Jailbroken device.
- .deb file (download link).
- Software for browsing the system structure of the device (eg DiskAid).
- iFile (application from Cydia).
Approach:
- Download the .deb file from the above link.
- On your computer, run software to browse the system structure of your iPhone or other device. Copy the downloaded file to the /var/mobile folder.
- Launch iFile on your device, go to the /var/mobile folder and open the copied file. It should then be installed.
- After installing the file, your iPhone or other device will ask you whether you want to download the PDF file or not before downloading it.
This guide will prevent automatic PDF downloads, but you may still download a PDF file that will contain malicious code. Therefore, we advise you to download PDF files only from verified sources, where you know that malicious code will not be lurking for you.
Source: www.macstories.net
The patch is already live on Cydia, so you just need to install it via it, anyway thanks for the warning...
Q: Has anyone jailbroken an iPhone 2G via JBme.com?
JBme.com is if vim JB for iOS4, so I don't understand why try to jailbreak the iP 2G through it?
What is the name of this patch in cydia please? Where I find him? The search fails me there, I didn't search by keywords. Just prime names. Zizi
PDF Loading Warner
So, in order to protect the iPhone, do I have to make jb and install something to prevent automatic downloads? Just let ios4.1 be here and without errors
It's quite a paradox, but Apple said yesterday that they have already developed a patch for this security flaw and that it will be in 4.1. Just wait for them to post it.
But if the patch is only in 4.1, then it's a dead giveaway for iPhone 2G owners :-(