ASafety - AntiSecurity: a project that will stay close to your heart...

Jailbreaking is becoming mainstream and getting simpler!


Post by x[@♥] » Wed 4 Aug 2010 07:47

JailbreakMe 2.0 Uses PDF Exploit

The iOS drive-by jailbreak available at jailbreakme.com (see yesterday's post) utilizes a PDF exploit. The PDF files, 20 of them, for various combinations of hardware/firmware, are located in a subdirectory off the root of the website.




Here's a snapshot of the code.




Charlie Miller had this to say via Twitter:

"Starting to get a handle on jailbreakme.com exploit. Very beautiful work. Scary how it totally defeats apple's security architecture."

In our testing, the PDF files crash both Adobe Reader and Foxit on Windows platforms. We detect them as variants of Exploit:W32/Pidief. While these files are not being used maliciously, an exploit is an exploit, and we'll add detections for them.

Do note that by default, there's no separate PDF viewer on an iPhone. Instead, PDF viewing is built into the Safari browser. The attack uses a corrupted font placed inside the PDF file to crash the Compact Font Format (CFF) handler.

(There have been 4 previously patched iOS CoreGraphics/PDF related vulnerabilities.)




You can find SHA1 and other information from VirusTotal.

On an amusing endnote, while jailbreaking an iPhone is now legal, it's not very nice to do so at the Apple Store.


It's getting simpler! Just a PDF now? To perform an action that is now legal! Are they going to add this exploit to the virus signature databases? I'm almost sure of it...

Src here!
