
iPhone Jailbreak Uses a PDF Display Vulnerability

kdawson posted about 4 years ago | from the get-out-of-jail-free dept.


adeelarshad82 writes "Latest reports indicate that the website that 'jailbreaks' iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have been several other vulnerabilities in the past in iOS CoreGraphics PDF components." As Gruber points out, the proper term for this is not "jailbreak," but "remote code exploit in the wild."


289 comments


PDF (3, Funny)

ae1294 (1547521) | about 4 years ago | (#33131214)

I forget, can someone remind me what P.D.F. stands for again?

Re:PDF (4, Insightful)

Monkeedude1212 (1560403) | about 4 years ago | (#33131240)

Poor Dumb *Explicit*s

Re:PDF (1)

Kitkoan (1719118) | about 4 years ago | (#33131278)

Poor Decision, Forgettaboutit

Re:PDF (4, Insightful)

Culture20 (968837) | about 4 years ago | (#33131284)

I forget, can someone remind me what P.D.F. stands for again?

Programmable Digital-executable Format
And they've almost got every means of binary execution crammed in.

Re:PDF (0, Redundant)

Revotron (1115029) | about 4 years ago | (#33131350)

I must be missing something or having a whoosh moment, because you're totally wrong.

PDF in this sense means Portable Document Format.

Re:PDF (1)

Kitkoan (1719118) | about 4 years ago | (#33131368)

Yep, it's a whoosh moment...

*whoosh*

Re:PDF (1)

Monkeedude1212 (1560403) | about 4 years ago | (#33131404)

Yes, that is a whoosh moment.

Re:PDF (0)

Anonymous Coward | about 4 years ago | (#33131950)

Seriously, LOL - this deserves to become the unofficial name of PDF. Realizing that one can embed a SWF file inside a PDF document (and that inside another SWF, and so on...) is the ultimate facepalm moment.

Say it with me... (5, Funny)

warrax_666 (144623) | about 4 years ago | (#33131360)

It stands for PeDoFile.

Re:Say it with me... (2, Funny)

ildon (413912) | about 4 years ago | (#33132310)

Did you say Peter File [youtube.com]?

Re:PDF (0)

TomXP411 (860000) | about 4 years ago | (#33131460)

I thought it was "Portable Document Format", so named because everything needed to display the document (except the viewer) was built into the file. HTML relies on external fonts and images. Word processor files also rely on external fonts. PostScript files may not render on certain devices, such as non-PostScript printers. Image files are too large and bulky, especially when stored in high enough resolution to be useful for printing (at least 300 dpi, which would be 7.5 megapixels (22 MB RAW) for a single page). On the other hand, PDFs (theoretically) render the same on any OS and hardware: it should look reasonably similar on a screen and on any printer...

GSview (2, Informative)

tepples (727027) | about 4 years ago | (#33131552)

PostScript files may not render on certain devices, such as non-PostScript printers.

Any printer can be used as a PostScript printer if the PC connected to it is running an implementation of the PostScript language, which converts a PostScript file to a bitmap image. See GSview [wisc.edu].

Re:PDF (2, Funny)

rudy_wayne (414635) | about 4 years ago | (#33131896)

I thought it was "Portable Document Format",

Based on the number of flaws, I would call it "Problematic Document Format".

Re:PDF (0, Offtopic)

Orestesx (629343) | about 4 years ago | (#33132050)

+1 Funny

Re:PDF (1)

clintonmonk (1411953) | about 4 years ago | (#33131634)

I forget, can someone remind me what P.D.F. stands for again?

Pretty Dumb File.

http://www.toothpastefordinner.com/070210/pretty-dumb-file.gif

Re:PDF (4, Funny)

Anonymous Coward | about 4 years ago | (#33131676)

P. D. F = P0wn Da Fone?

Re:PDF (0)

Anonymous Coward | about 4 years ago | (#33131972)

Pown Document Format.

Does not compute... (4, Funny)

chaboud (231590) | about 4 years ago | (#33131218)

Didn't you know that Apple is more secure?

As soon as I saw "computer-free jailbreak, straight from your browser" I thought "oh man.. here we go."

Re:Does not compute... (5, Funny)

magsol (1406749) | about 4 years ago | (#33131268)

"It just works!...even though it's not actually supposed to!"

Re:Does not compute... (0, Offtopic)

cbhacking (979169) | about 4 years ago | (#33131976)

It's OK, on Apple products remote elevation-of-privilege exploits with remote code execution are only used for *GOOD* things, like giving you control of the shiny little handheld computer you bought.

</sarcasm> just in case anybody was wondering.

Re:Does not compute... (1)

Nerdfest (867930) | about 4 years ago | (#33131986)

I thought "It Just Works" was describing iOS 4 on the 3G ...

It's a feature... (2, Insightful)

Anonymous Coward | about 4 years ago | (#33131414)

It's really funny to see how this is treated by the mass media. They make it sound like it's a feature...

Re:It's a feature... (3, Insightful)

Darkness404 (1287218) | about 4 years ago | (#33131598)

Really says a lot about Apple's policies if the mass media is treating this like a feature and a good thing to be able to jailbreak it.

Re:Does not compute... (1)

Monkeedude1212 (1560403) | about 4 years ago | (#33131424)

No no no, you see, it's not a Jailbreak, it's a Remote Code Exploit... straight from your browser.

Re:Does not compute... (1)

isaaccs (1854142) | about 4 years ago | (#33131698)

More does not mean completely.

Re:Does not compute... (0, Redundant)

Idbar (1034346) | about 4 years ago | (#33131984)

C'mon! It's just part of the magic!

I hear differently from Users (1)

longhairedgnome (610579) | about 4 years ago | (#33131280)

Apple doesn't get virii like PCs.

Re:I hear differently from Users (0, Flamebait)

Kitkoan (1719118) | about 4 years ago | (#33131308)

Of course not, Apple gets security risks right out of the box so you don't have to do it yourself. A weak security Flash player is built into every copy of OSX so you too can worry about security.

Re:I hear differently from Users (0, Flamebait)

sumdumass (711423) | about 4 years ago | (#33131342)

Your right, because in Apple, it's a feature right? Well, at least a feature that allows it's customers to do what they want.

Oh hell, I never should have taken the bait.

Re:I hear differently from Users (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#33131832)

Your right, because in Apple, it's a feature right? Well, at least a feature that allows it's customers to do what they want.

Oh hell, I never should have taken the bait.

It's = "it is"

Its = the possessive form of "it", that is, "something belonging to it"

You = a moron who fails elementary school grammar

Re:I hear differently from Users (0)

Anonymous Coward | about 4 years ago | (#33132228)

Glad you caught the bait..

You = a moron who fails trolling 101...

Re:I hear differently from Users (1)

alangerow (610060) | about 4 years ago | (#33131400)

Because people don't have to bother writing a virus to get access to Apple's products. Apple's programmers are more than good enough and leaving them backdoors all over the place. That's why it's not like PCs ... just like everything else at Apple, it's easier!

Re:I hear differently from Users (1)

h00manist (800926) | about 4 years ago | (#33131470)

You mean they never get detected, right? iPhone virii are *much* better written. The data stolen is worth much more.

Not a virus (4, Informative)

SuperKendall (25149) | about 4 years ago | (#33131498)

Macs (and the iPhone) do not yet have any active viruses in the wild.

It does not mean they cannot get them; there just are none.

This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).

In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

So there is in fact a known exploit (this PDF bug) and one instance of something that exercises it. Very likely Apple will have this patched in pretty short order - what is really interesting to see is if there will be any "real" (read: malignant) exploits. My guess is probably not, since mobile platforms do not make great zombie systems to control the way desktops do.

If it were a real virus vector the story would be different as the lure of quickly taking over millions of devices would be very strong...

Re:Not a virus (0)

Anonymous Coward | about 4 years ago | (#33131586)

what is really interesting to see is if there will be any "real" (read: malignant) exploits. My guess is probably not, since mobile platforms do not make great zombie systems to control the way desktops do.

If it were a real virus vector the story would be different as the lure of quickly taking over millions of devices would be very strong...

Why not? They make great attack drones that are reasonably difficult to trace.

Too easily overcome (1)

SuperKendall (25149) | about 4 years ago | (#33131726)

Why not? They make great attack drones that are reasonably difficult to trace.

That's true, but system updates can pretty much overwhelm anywhere a rootkit-like system would attempt to hide, and users almost always install updates.

The greater willingness of users to actually install automatic system updates is (IMHO) the reason why you really don't see malware or viruses on Macs and iPhones. The whole system shuts down during an update and is pretty easily cleansed.

Re:Not a virus (2, Insightful)

ThePengwin (934031) | about 4 years ago | (#33131756)

They are not connected to the internet as much, and their bandwidth is not as great as most drone computers.
Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.

They would be fantastic for data mining and fraud, but as part of a botnet they just don't have the resources a good ol' desktop has.

Re:Not a virus (1, Insightful)

WrongSizeGlass (838941) | about 4 years ago | (#33131670)

In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

If you consider jailbreaking the iPhone a favor to the user. The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices. When I posted the 'browser jailbreak' story the other day I included this (which was not included in version that posted by the editor):

The ability to modify iOS simply by visiting a website leaves these iDevices vulnerable to all sorts of malicious possibilities. I'd bet the ranch that Apple isn't the only one analyzing the website in order to diagnose this major security hole ... so are those with more nefarious intentions.

The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own". Clearly it's Apple's responsibility to fix this ASAP (and their fault for letting it get into customers' hands), so they better get on it before someone else starts turning things into iP0wns.

PDF is iOS core (4, Insightful)

SuperKendall (25149) | about 4 years ago | (#33131766)

If you consider jailbreaking the iPhone a favor to the user.

The users who are doing it would, that's why they are doing it!

The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices.

Oh, I totally agree - it's a pretty bad security flaw, and has nice demonstration code for how to exploit it as well so it's pretty much the worst possible case.

That's why it's so interesting to see if there are in fact followup malicious attacks.

The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own".

No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader....

Clearly it's Apple's responsibility to fix this ASAP (and their fault for letting it get into customers' hands), so they better get on it before someone else starts turning things into iP0wns.

It is 100% on Apple to get a fix out. With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).

Re:PDF is iOS core (1)

WrongSizeGlass (838941) | about 4 years ago | (#33131868)

No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader...

I missed that in the story. Since it's been a part of iOS/OSX for a long time there is absolutely no excuse for it.

With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).

I'd be all over MS if they waited until this 'hit the fan' and I'll give Apple the same level of tolerance: zero. Apple needs to issue a fix for this yesterday.

Re:Not a virus (2, Insightful)

fuzzyfuzzyfungus (1223518) | about 4 years ago | (#33131696)

This actually illustrates what is perhaps the great security downside of locked-down systems.

Unlike open systems, they do largely prevent users from doing stupid stuff. However, because some percentage of users wish to escape the controls(which are never entirely benevolent, the temptation to rent-seek is just too strong), those users and the platform vendor become adversaries.

On an open system, the incentives of the user and the platform vendor are aligned: both want it to be as secure as possible. In a closed system, some percentage of the users actively depend on the existence of vulnerabilities, and wish to prolong that existence as much as possible, in order to secure their freedom from the platform vendor's control.

This is, of course, in addition to black hats, who have an equal desire for the existence of unknown security flaws on both closed and open platforms.

Re:Not a virus (2)

morgan_greywolf (835522) | about 4 years ago | (#33131764)

It's not really a trojan, either. Gruber is as much a moron as Dvorak. This is simply doing something the user wants done.

Could it be a virus vector? Anything that allows the user to install and run code is a virus vector, since any running code is a potential virus, especially if it can do so without the user's knowledge, but there are cases where even software that's installed with the user's knowledge can become a virus or infection vector -- that's a hybrid trojan/virus.

And iPhones are a GREAT target for virus writers. Mobility, Bluetooth, WiFi, what's not to like?

Re:Not a virus (1)

DragonWriter (970822) | about 4 years ago | (#33131810)

This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).

In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

Actually, it advertises itself to the user as a jailbreak, even if the OS feature it exploits to perform that function is the PDF reader, so it's not malware at all (at least, based on any current information about what it does.) OTOH, it uses a massive security hole that could be used by malware.

Re:Not a virus (1)

interkin3tic (1469267) | about 4 years ago | (#33131828)

In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

Benware? Beneware? Goodware?

Re:Not a virus (3, Informative)

Monkeedude1212 (1560403) | about 4 years ago | (#33131834)

If you don't consider a WORM a virus - then there isn't much in the way of Windows viruses either these days. Almost everything else could be classified as trojan, worm, spyware, or other non-virus malware. I haven't had to clean a virus in a LONG time.

Mobile platforms can be a great target (1)

Beryllium Sphere(tm) (193358) | about 4 years ago | (#33132220)

Bad guys can monetize a compromised cellphone in a single step by having it call premium-rate numbers.

Re:I hear differently from Users (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33131654)

Since virii isn't a real word, yes, they don't get them.

Re:I hear differently from Users (0)

Anonymous Coward | about 4 years ago | (#33131822)

It's the plural of virus [wiktionary.org].

Re:I hear differently from Users (1, Redundant)

gringer (252588) | about 4 years ago | (#33131954)

It's the plural of virus

Er, did you read the page you linked to?

The plural virii, though common, is often considered to be incorrect, and based on a misunderstanding of Latin. There is no plural for the Latin word virus; using the native English pluralisation rules, to yield viruses, would arguably then be most correct.

Re:I hear differently from Users (1)

longhairedgnome (610579) | about 4 years ago | (#33131836)

o rly?

Re:I hear differently from Users (1)

Lunix Nutcase (1092239) | about 4 years ago | (#33131918)

Yes.

1) Virus has no plural form in Latin and as such viruses is the most accurate pluralization in English.
2) The only way virii would be correct is if virus was a masculine second declension term which it is not.

This is really tiresome (2, Interesting)

Anonymous Coward | about 4 years ago | (#33131306)

Is it really so hard to write a document viewer that cannot crash? These aren't small companies. We're talking about Apple, Adobe, Microsoft here. Can't they at least get the core functionality right? I'll settle for safe if getting it right is too much to ask for.

Re:This is really tiresome (4, Funny)

plover (150551) | about 4 years ago | (#33131570)

I saw a brilliant slide at Blackhat last week that sums it up perfectly (same vendor, different product)

Native Security Functionality of Adobe Flash

[ This slide intentionally left blank ]

Re:This is really tiresome (2, Insightful)

beelsebob (529313) | about 4 years ago | (#33131672)

In the computing world we live in, where performance is everything, and correctness merely nice to have, yes, yes it is that hard. Until we start using highly abstracted, highly statically checked languages, and implementing proofs that things like buffer overruns happen, this is the sad reality we live in.

Re:This is really tiresome (1)

ThePengwin (934031) | about 4 years ago | (#33131824)

where performance is everything

Someone needs to tell Adobe this; their programs have been bloating up and becoming more unstable with each new iteration.

Exploits and wikileaks (1)

h00manist (800926) | about 4 years ago | (#33131406)

So many exploits and spyware, you'd think more stuff would end up in wikileaks. I guess it all goes to various groups' private wikileaks, known as intelligence or something similar..

Re:Exploits and wikileaks (2, Insightful)

ThePengwin (934031) | about 4 years ago | (#33131914)

It's actually not hard to read the entire exploit yourself from the site. Change your browser's user agent to an iPhone-like string, and inspect the JavaScript on the page. I scoffed when I found the function that makes the URL to the exploit file:

function get_page() {
        // model and firmware are globals set elsewhere in the page's script
        return model == null ? null : ("/_/" + model + "_" + firmware + ".pdf");
}
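
Turning that URL-building routine into a detection, as an added example that is not from the original post or from the jailbreak site: it scans constructed Apache-style proxy log lines (sample values, not real traffic) for successful fetches of `/_/<model>_<firmware>.pdf` and groups the devices seen by firmware version. The log format and the `iPhone3,1`-style model identifiers are assumptions about what such a log would contain.

```python
import re
from collections import defaultdict

# Constructed sample of Apache combined-format proxy log lines (not real traffic).
# Three of the four requests fetch the per-device PDF whose path is built exactly
# the way the page's get_page() function does: "/_/" + model + "_" + firmware + ".pdf".
SAMPLE_LOG = """\
10.0.0.12 - - [02/Aug/2010:09:14:03 +0000] "GET /_/iPhone3,1_4.0.1.pdf HTTP/1.1" 200 14523 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 Mobile/8A306 Safari/6531.22.7"
10.0.0.33 - - [02/Aug/2010:09:15:41 +0000] "GET /index.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.3 Chrome/6.0 Safari/534.3"
10.0.0.41 - - [02/Aug/2010:09:16:10 +0000] "GET /_/iPad1,1_3.2.1.pdf HTTP/1.1" 200 14981 "-" "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 Mobile/7B405 Safari/531.21.10"
10.0.0.12 - - [02/Aug/2010:09:20:02 +0000] "GET /_/iPhone3,1_4.0.1.pdf HTTP/1.1" 200 14523 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 Mobile/8A306 Safari/6531.22.7"
"""

# Apache "combined" log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Path shape produced by get_page(): an Apple model identifier such as iPhone3,1
# (assumed shape), "_", a dotted firmware version, ".pdf", all under the /_/ directory.
EXPLOIT_PATH = re.compile(r"^/_/(?P<model>[A-Za-z]+\d+,\d+)_(?P<firmware>\d+(?:\.\d+)+)\.pdf$")


def find_exploit_fetches(log_text):
    """Return one record per request whose path matches the per-device PDF pattern.

    Only successful (2xx) GETs count: the server only hands the PDF to clients that
    presented an iOS-looking User-Agent, so a 2xx here means a device really got the file.
    """
    hits = []
    for line in log_text.splitlines():
        m = COMBINED_LOG.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash the whole pipeline
        p = EXPLOIT_PATH.match(m.group("path"))
        if p is None or m.group("method") != "GET" or not m.group("status").startswith("2"):
            continue
        hits.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "model": p.group("model"),
            "firmware": p.group("firmware"),
            "ios_ua": "like Mac OS X" in m.group("ua"),  # sanity flag: did the client claim to be iOS?
        })
    return hits


def exposed_inventory(hits):
    """Group the devices seen fetching the PDF by firmware version.

    Each firmware maps to the sorted list of (client IP, model) pairs: the list a
    defender needs when deciding which devices must be updated once a fix ships.
    """
    inventory = defaultdict(set)
    for h in hits:
        inventory[h["firmware"]].add((h["ip"], h["model"]))
    return {fw: sorted(devs) for fw, devs in inventory.items()}


if __name__ == "__main__":
    for fw, devs in sorted(exposed_inventory(find_exploit_fetches(SAMPLE_LOG)).items()):
        print(f"firmware {fw}: {len(devs)} device(s) -> {devs}")
```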

LOL (5, Funny)

Spazntwich (208070) | about 4 years ago | (#33131422)

"Just don't render it that way." - Adobe

Re:LOL (3, Interesting)

Monkeedude1212 (1560403) | about 4 years ago | (#33131530)

No the REAL LOL is the advertisement on this page.

Vulnerability Management for Dummies

Whatever Slashdot uses for its ad server, I applaud.

Re:LOL (1)

TheGratefulNet (143330) | about 4 years ago | (#33131690)

funniest thing I've read in weeks. BRAVO!

Apple does not use Adobe Reader for PDF (4, Informative)

melted (227442) | about 4 years ago | (#33132052)

Apple does not use Adobe Reader for PDF. I thought everyone knew this by now. Apparently not.

Re:Apple does not use Adobe Reader for PDF (1)

Spazntwich (208070) | about 4 years ago | (#33132146)

Give me back my shoes. You are a dog. They don't even fit.

remote exploit (1)

jewishbaconzombies (1861376) | about 4 years ago | (#33131488)

Soooo all .pdf exploits install Cydia? How considerate. I thought only jailbreakers did that.

I love how using Apple products makes everything so easy - Cydia for everyone! Thanks!

Jailbreak WARNING!!! (3, Informative)

daveywest (937112) | about 4 years ago | (#33131502)

Everyone's so excited about how easy this jailbreak is, the tech blogs are neglecting to report the problems with the current jailbreaks. Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch. This is a known bug that's been in public knowledge for weeks, yet I've seen no tech blogs reporting the problems. Frankly, this jailbreak created more problems than solutions.

Re:Jailbreak WARNING!!! (5, Funny)

Anonymous Coward | about 4 years ago | (#33131542)

BREAKING NEWS!

Your attention please. We have a very important announcement to make. Listen carefully, because what we have to say MAY SAVE YOUR LIFE!

Today's top story: Hacks can have unintended consequences.

That is all.

Re:Jailbreak WARNING!!! (0)

Anonymous Coward | about 4 years ago | (#33131638)

Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch.

Really? Homescreen bookmarks don't work anymore? I did this jailbreak yesterday on my iPhone 4 and the existing homescreen bookmarks I have work and I was able to create new ones and they work just fine. Not that I haven't had a few nagging issues but that sure wasn't one of them. And Engadget reported the problems with MMS and FaceTime before they were fixed. Just sayin'...

Re:Jailbreak WARNING!!! (1)

slimjim8094 (941042) | about 4 years ago | (#33131778)

You must have bad luck. Neither I, nor anybody I know with jailbroken phones, has any bookmark issues. I have heard of MMS and FaceTime issues, but I don't really use either.

Frankly, though, the jailbreaks are less necessary for me than they were on 2.0/3.0. Multitasking, copy/paste, Bluetooth keyboards etc are all built in now, and done better than the unofficial apps (as professional as they are). I was browsing through Cydia the other day and while I installed the usual MobileTerminal, ssh, etc - that I didn't really need any of the stuff I'd had. I'll keep it jailbroken for now, since I'm developing a GPS utility that doesn't work properly in the simulator, and I want to finish it before I spend the $99. But I'm - for the first time - not too worried about losing the jailbreak from a practical standpoint.

Youtube fix (1)

copponex (13876) | about 4 years ago | (#33131854)

If you are having trouble with the homescreen, there's a new jailbreak using a youtube video that should work:

http://www.youtube.com/watch?v=Tg4u7ko333U [youtube.com]

Re:Youtube fix (0)

Anonymous Coward | about 4 years ago | (#33132336)

Thanks! I tried what that video suggested and it fixed everything!

Re:Jailbreak WARNING!!! (1)

exomondo (1725132) | about 4 years ago | (#33132140)

Everyone's so excited about how easy this jailbreak is, the tech blogs are neglecting to report the problems with the current jailbreaks. Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch.

What other problems are there? FaceTime and MMS were fixed and I haven't seen your issue crop up on any of my friends' devices.

PDF? (1, Insightful)

Exitar (809068) | about 4 years ago | (#33131562)

It's Adobe's revenge!

Re:PDF? (1)

clone53421 (1310749) | about 4 years ago | (#33131650)

No. Didn’t you read TFS? The PDF renderer is a native part of OS X. Adobe had nothing to do with it.

Re:PDF? (5, Informative)

cbhacking (979169) | about 4 years ago | (#33132350)

Not only is it native, it's really, really insecure. A security researcher named Charlie Miller wrote a 5-line Python script to generate fuzzed (slightly corrupted) PDF files from valid templates. He created roughly 2.8 million of these, and then ran them through Apple's Preview program, and through Adobe Reader. His findings:

Reader: 0.09% crash rate, and 4 exploitable bugs found.
Preview: 5.6% crash rate (52x as many), and 61 exploitable bugs found (15x as many).

When your security is more than an order of magnitude worse than Adobe's, you've got a major problem.

By the way, this is the guy who won an iPhone at Pwn2Own. He's presented at CanSecWest and Blackhat, and possibly elsewhere. He knows his stuff.
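
An added illustration of the mutation-fuzzing method described above; it is not Charlie Miller's script or anything from the page. It mutates a constructed minimal PDF and pushes the same mutants through two hypothetical `startxref` parsers, one that trusts the file and one that validates, reporting crash rate and distinct crash signatures in the same shape as the post's figures.

```python
import random
from collections import Counter

# Constructed minimal PDF (not a file from the page). The harness targets the
# trailer: a parser must locate "startxref", read the byte offset that follows,
# and find the cross-reference table there. Offset 45 is correct for this seed.
SEED_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    b"trailer\n<< /Size 2 /Root 1 0 R >>\n"
    b"startxref\n45\n%%EOF\n"
)


def naive_startxref(data):
    """Trusts the file: any corruption surfaces as an uncaught exception,
    which the harness below counts as a crash."""
    pos = data.rindex(b"startxref")                 # ValueError if the keyword is damaged
    offset = int(data[pos + 9:].split(b"\n")[1])    # ValueError / IndexError if the digits are
    if data[offset:offset + 4] != b"xref":          # the offset no longer lands on the table
        raise RuntimeError("xref not at startxref offset")
    return offset


def hardened_startxref(data, max_len=1 << 20):
    """Same job, but every value taken from the untrusted input is checked and
    failure is a None return, never an exception."""
    if not isinstance(data, bytes) or len(data) > max_len:
        return None
    pos = data.rfind(b"startxref")
    if pos < 0:
        return None
    rest = data[pos + len(b"startxref"):].lstrip(b"\r\n ")
    digits = rest[:10].split(b"\n")[0].split(b"\r")[0].strip()   # offsets have at most 10 digits
    if not digits.isdigit():
        return None
    offset = int(digits)
    if offset + 4 > len(data) or data[offset:offset + 4] != b"xref":
        return None
    return offset


def mutate(seed, rng, max_edits=4):
    """Dumb mutation fuzzing in the spirit of the script described in the post:
    a handful of random byte overwrites, insertions or deletions per output."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, max_edits)):
        op = rng.choice(("overwrite", "insert", "delete"))
        i = rng.randrange(len(buf)) if buf else 0
        if op == "overwrite" and buf:
            buf[i] = rng.randrange(256)
        elif op == "insert":
            buf.insert(i, rng.randrange(256))
        elif buf:
            del buf[i]
    return bytes(buf)


def fuzz(target, seed, n, rng_seed=1337):
    """Feed n mutants of seed to target and catch everything it throws.
    Returns the crash rate and the number of distinct crash signatures
    (exception type plus message prefix), the rough analogue of the post's
    'exploitable bugs found' count. A native harness would watch for
    SIGSEGV and triage with a debugger instead of catching exceptions."""
    rng = random.Random(rng_seed)                   # fixed seed: runs are reproducible
    crashes = Counter()
    for _ in range(n):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except Exception as exc:
            crashes[(type(exc).__name__, str(exc).split(":")[0])] += 1
    total = sum(crashes.values())
    return {"runs": n, "crashes": total, "crash_rate": total / n, "signatures": len(crashes)}


if __name__ == "__main__":
    for name, target in (("naive", naive_startxref), ("hardened", hardened_startxref)):
        r = fuzz(target, SEED_PDF, 2000)
        print(f"{name:8s}: {r['crash_rate']:.2%} crash rate, {r['signatures']} distinct signatures")
```

The hardened parser's crash count should be zero on every run; the naive one's rate is what the post compares across viewers.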

The new jailbreak is amazing (3, Informative)

mewsenews (251487) | about 4 years ago | (#33131566)

I came into the office this morning and noticed that a forums thread I monitor on jailbreaking had exploded over my long weekend. I checked the iPhone dev team blog and they explained that there is a new jailbreak that you can visit with the browser on your phone.

I navigated to the page on my phone and it said "swipe here to jailbreak".

I swiped.

It took about 5 minutes to jailbreak my phone and install the Cydia unofficial app store.

Simply amazing work. Once I had Cydia I installed ultrasn0w from the repository and now my phone is carrier unlocked.

Great job, hackers!

Re:The new jailbreak is amazing (5, Insightful)

roman_mir (125474) | about 4 years ago | (#33131644)

Yes, excellent job. Now you just ran an app on your hand held computer that rooted it from a browser. Amazing work of the hackers aside, are you certain you now know for sure your phone is not spying on you and is not going to be used for something you do not want, like someone else using your connection for long distance calls or for spam or DDOS attacks or just a part of some cellular botnet?

Amazing job - someone rooting your phone through a PDF.

Re:The new jailbreak is amazing (0, Redundant)

Darkness404 (1287218) | about 4 years ago | (#33131674)

As opposed to running a nearly entirely closed system on your phone with a network who has helped the NSA on multiple occasions on warrantless wiretaps?

Let's face it, the "hackers" most likely are going to be better than a power-hungry corporation which assists the government whenever possible.

Re:The new jailbreak is amazing (5, Insightful)

Anonymous Coward | about 4 years ago | (#33131864)

Pardon my language, but, what the fuck?

If my web browser is such that browsing to a page can lead to code execution as root, that's bad. I don't care if the system is open or closed or what government agency might be listening in, it is a serious vulnerability any way you slice it. It should be patched.

Your comment is entirely irrelevant to the post it is replying to. You're phrasing it as a rebuttal of some kind, but it does not say anything to this point.

Re:The new jailbreak is amazing (0)

Anonymous Coward | about 4 years ago | (#33131890)

You know, you don't have to reserve all of your paranoia for the government. Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer? Do you realize that -- even if we think the absolute worst of our government, and all your fears are real -- the latter group is a superset of the former? Feel free to be paranoid, but try not to be stupid about it.

Re:The new jailbreak is amazing (1)

lennier (44736) | about 4 years ago | (#33132302)

Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer?

Well, most completely anonymous people on the Internet don't, e.g., have access to nuclear weapons and Navy SEALs.

The US government does.

Just sayin'.

Re:The new jailbreak is amazing (4, Insightful)

roman_mir (125474) | about 4 years ago | (#33132086)

Your comment is ridiculous, yet moderated at +5 Insightful. If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.

If you buy products from a company that does not release source code that is a different issue completely. Yes, a company can be providing governments with your information. No, it does not make it OK for the phone from that company to be exploitable the way the iPhone is.

Re:The new jailbreak is amazing (2, Informative)

jazzmans (622827) | about 4 years ago | (#33132356)

Uhm, if you read on the jailbreak page, after the phone is jailbroken and Cydia installed, they (the hackers who wrote the exploit) then fix the flaw in Safari so that no more code can be run to root the phone.

So, yes. It is a benefit, since there is obviously a serious flaw in the OS & jailbreaking it fixes the flaw.

Oh yeah, and no mms or bookmark issues for me either. It Just Works.

jaz

Re:The new jailbreak is amazing (2, Funny)

cbhacking (979169) | about 4 years ago | (#33132014)

That's the Apple stance on kernel-level remote code execution exploits: It Just Works!

Re:The new jailbreak is amazing (0, Troll)

Fumbili (1820232) | about 4 years ago | (#33132046)

All your iPhone are belong to us!

Adobe Strikes Back! (1)

agent_vee (1801664) | about 4 years ago | (#33131572)

Jobs has yet to slay the beast

Re:Adobe Strikes Back! (1)

Kitkoan (1719118) | about 4 years ago | (#33131646)

Jobs has yet to slay the beast

Problem is, for all of Jobs' complaining about Adobe (and more accurately Flash), Jobs seems to love Flash. While it's not on the iPhone, it is installed by default on every Mac, and OS X is the only major OS that does that. Windows, OpenSUSE, Ubuntu, these need you to go get Flash after you've installed the OS. OS X has it out of the box, showing that Jobs does indeed feel a big love for Flash and feels it really is something that helps make a system feel "more complete" and ready for the mass market.

Re:Adobe Strikes Back! (4, Insightful)

fuzzyfuzzyfungus (1223518) | about 4 years ago | (#33131754)

They may have stopped in later versions (my job description requires supporting XP, and you have to pay me to care about Windows, so that is where my knowledge lies); but MS included Flash in XP [microsoft.com]. It is version 6, because base XP is older than dirt, but they did include it.

More relevant to modern readers, most OEMs seem to ship consumer-focused systems with vaguely up-to-date-but-just-a-bit-behind versions of Flash (and Acrobat Reader, and other stuff). This isn't strictly Microsoft's fault, but it is what you are likely to get out of the box.

Re:Adobe Strikes Back! (1)

yuhong (1378501) | about 4 years ago | (#33132040)

In fact, even 98 did, and I know this because I once installed 98.

Who cares? (-1, Troll)

Anonymous Coward | about 4 years ago | (#33131602)

It's just a bunch of goosestepping faggots anyway.

Duh... pointed out ages ago (0)

Stoobalou (1774024) | about 4 years ago | (#33131612)

Re:Duh... pointed out ages ago (4, Informative)

pclminion (145572) | about 4 years ago | (#33132158)

Yeah, I always refer to stuff that happened earlier today as "ages ago."

So what is it exactly? (1)

UnknowingFool (672806) | about 4 years ago | (#33131648)

It says that it's caused by a PDF vulnerability in iOS, but is it in Apple's PDF viewer or in PDF itself?

Re:So what is it exactly? (1)

wervr (712696) | about 4 years ago | (#33131750)

obviously both

Re:So what is it exactly? (1)

DragonWriter (970822) | about 4 years ago | (#33131758)

It says that it's caused by a PDF vulnerability in iOS, but is it in Apple's PDF viewer or in PDF itself?

It's obviously in Apple's PDF viewer, whether or not it's a result of that viewer being a direct implementation of the spec.

But I'll be surprised if anyone can point to anything in any version of the PDF spec which requires a conforming implementation to allow unrestricted access to the underlying OS. It may require that certain APIs be available, but I'd be very surprised if it didn't allow those APIs to return errors if code running in a PDF document attempted to use them in a way which would violate the basic integrity of the underlying OS.

Re:So what is it exactly? (5, Informative)

cbhacking (979169) | about 4 years ago | (#33132180)

It's a bug in the font rendering component, which apparently lives in kernel space. PDFs are allowed to embed fonts, and apparently Preview doesn't verify the font data before tossing it to the renderer. Apparently the renderer doesn't verify it either, because instead of rejecting the data as invalid, it gives the attacker completely unrestricted control over the software.

PDFs having embedded fonts is a very useful and entirely reasonable feature. It would help if Preview validated the fonts, but that's not entirely required (you could validate somewhere further down the pipeline, so long as you don't try to process the unvalidated data). There are several other ways to remotely load fonts, ranging from other document formats to the Web Open Font Format (http://www.w3.org/Submission/2010/03/) and some CSS in a web page. There's a decent chance that at least a few others are vulnerable to this exploit. However, there's been considerable research recently into Apple's PDF reader, with one researcher finding 60 different exploitable bugs in the software (though most of them probably aren't kernel). By comparison, the same testing data found three exploitable bugs in Adobe Reader.

Having font rendering/rasterizing in the kernel is... not brilliant, but not inherently a critical security flaw. It's certainly possible to do in userland, and probably safer, but displaying text is something that almost every app will need to do at some point, and putting it in the kernel will minimize memory footprint and maximize performance. The real WTF here is that the data isn't being validated extremely carefully as soon as it enters the kernel, and possibly before. When kernel-mode code starts parsing unvalidated data, the best you can really hope for is that you get a kernel-mode crash and are forced to do a hard reboot (on Windows, this would be a BSOD).
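The comment above boils down to one point: the embedded font program inside a PDF is attacker-controlled input that reaches the renderer unvalidated. The script below is an added example, not code from the poster, Apple, or any PDF library; it inventories the embedded font streams a PDF would hand to the renderer and flags ones whose bytes do not match the slot they are declared in or whose declared /Length disagrees with the stream. It assumes only the standard /FontFile, /FontFile2 and /FontFile3 descriptor keys and the usual font header magic; the sample PDF is constructed and the font bodies are fake data, not real fonts.

```python
import re

# Constructed sample (not a real document): two font descriptors, each pointing at an embedded font stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /FontDescriptor /FontName /ABCDEF+Foo /FontFile3 2 0 R >> endobj\n"
    b"2 0 obj << /Subtype /Type1C /Length 10 >>\nstream\n"
    b"\x01\x00\x04\x02\x00\x01\x00\x00\x00\x00\nendstream\nendobj\n"  # CFF header: major 1, hdrSize 4
    b"3 0 obj << /Type /FontDescriptor /FontName /Bar /FontFile2 4 0 R >> endobj\n"
    b"4 0 obj << /Length 6 >>\nstream\nOTTO\x00\x09\nendstream\nendobj\n"  # OpenType bytes in a TrueType slot
)

FONTFILE_RE = re.compile(rb"/(FontFile[23]?)\s+(\d+)\s+0\s+R")
EXPECTED = {b"FontFile": {"type1"}, b"FontFile2": {"truetype"}, b"FontFile3": {"cff", "opentype"}}  # per PDF spec

def sniff_font_kind(data: bytes) -> str:
    """Classify a font program by its leading bytes only; nothing here parses the font."""
    if data.startswith(b"OTTO"):
        return "opentype"
    if data.startswith((b"\x00\x01\x00\x00", b"true")):
        return "truetype"
    if data.startswith((b"%!PS-AdobeFont", b"%!FontType1", b"\x80\x01")):
        return "type1"
    if len(data) >= 4 and data[0] == 1 and data[2] == 4:
        return "cff"
    return "unknown"

def extract_stream(pdf: bytes, objnum: int):
    """Return (dict bytes, stream bytes) of `objnum 0 obj`, or None. Heuristic: assumes no nested dicts."""
    m = re.search(rb"(?<!\d)%d\s+0\s+obj\s*(<<.*?>>)\s*stream\r?\n" % objnum, pdf, re.S)
    if not m:
        return None
    end = pdf.find(b"endstream", m.end())
    body = pdf[m.end():end].rstrip(b"\r\n")  # drop the EOL that precedes 'endstream'
    return m.group(1), body

def audit_embedded_fonts(pdf: bytes) -> list:
    """Inventory every embedded font stream; flag slot/header mismatches and bad /Length."""
    findings = []
    for key, num in FONTFILE_RE.findall(pdf):
        found = extract_stream(pdf, int(num))
        if found is None:
            findings.append({"key": key.decode(), "obj": int(num), "status": "missing"})
            continue
        dct, body = found
        lm = re.search(rb"/Length\s+(\d+)", dct)
        declared = int(lm.group(1)) if lm else None
        kind = sniff_font_kind(body)
        ok = kind in EXPECTED[key] and (declared is None or declared == len(body))
        findings.append({"key": key.decode(), "obj": int(num), "kind": kind, "declared_len": declared,
                         "actual_len": len(body), "status": "ok" if ok else "suspicious"})
    return findings
```

A "suspicious" finding is a triage signal, not proof of an exploit; it tells you which stream to pull out and inspect before any renderer touches it.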

Now we just need jailbreakers to fix the hole (1)

Myria (562655) | about 4 years ago | (#33131700)

Now we just need the jailbreak team to release a Safari/Preview patch to fix the hole. That way, we won't have to go to 4.0.2 in order to be safe from the PDF exploit, thus locking us out from the jailbreak.

Re:Now we just need jailbreakers to fix the hole (0)

Anonymous Coward | about 4 years ago | (#33131744)

They have released a patch to fix the hole via Cydia. Well, not fix, but warn you before loading any PDF file so you can choose whether or not to expose your phone to a risk.

Amazing those hackers.

Interesting... (2, Insightful)

Anonymous Coward | about 4 years ago | (#33131728)

That Tavis Ormandy is torn apart for releasing a more complicated vulnerability, but jailbreaking your phone just by clicking a url is widely celebrated. How difficult is it really gonna be to weaponize this jailbreak...

The white man's burden (0)

Anonymous Coward | about 4 years ago | (#33131772)

Cuz ain't no brothas dat can affo'd dis fone.

MacGruber? (0)

Anonymous Coward | about 4 years ago | (#33131880)

MacGruber?

not really that great a piece of work is it? (1, Offtopic)

Serendip7 (936348) | about 4 years ago | (#33132178)

This exploit was already fixed in OS X with a patch.

http://support.apple.com/kb/HT4131 [apple.com]

Comex basically just diff'd what was fixed in the latest OSX patches against what was in the last iOS patch. Then read up on this patch that hasn't made it to iOS yet. FYI, this won't work if you have 4.1 beta or higher installed supposedly (cuz Apple already had the patch bundled up ready to go when they release the next build)...

The real credit goes to Charlie Miller who found this problem in the first place.

http://www.appleinsider.com/articles/10/08/03/browser_based_ios_jailbreak_utilizes_scary_pdf_security_hole.html [appleinsider.com]

The funny thing I found was that Charlie Miller was given credit by Apple in the patch note: "Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue." But then Charlie tweets about the particular exploit: "Very beautiful work," ... "Scary how it totally defeats Apple's security architecture."
