
I’m sure everyone agrees that JailbreakMe 2.0, released by Comex yesterday, is the easiest method to jailbreak an iPhone.
Comex has managed to develop a web-based method by using a security hole in iOS 4, iOS 4.0.1 for iPhone and iPod Touch and iPhone OS 3.2, iOS 3.2.1 for iPad.
Here’s a brief description of how Comex has managed to jailbreak iOS using a web-based method:
The jailbreak payload is saved as a FlateDecode stream within a PDF file, and the vulnerability is triggered when Mobile Safari loads the PDF file: iOS parses the FlateDecode filter and uses the font file inside, then Kaboom.
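A defensive triage sketch for the structure described above, added here as an example (it is not Comex's code or the PDF Loading Warner's): it lists the FlateDecode streams that a PDF references as embedded font programs, so a suspicious file can be inspected without rendering it. The sample PDF and the names `embedded_font_streams`, `build_sample` and `SAMPLE_FONT` are constructed for illustration, and the parser is simplified (no object streams, encryption or filter chains).

```python
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
FONT_REF_RE = re.compile(rb"/FontFile[23]?\s+(\d+)\s+\d+\s+R")

# Constructed placeholder bytes standing in for an embedded font program.
SAMPLE_FONT = b"FONTconstructed placeholder font data"


def embedded_font_streams(pdf: bytes):
    """Return (object number, inflated size, first 4 bytes) for each
    FlateDecode stream that a font descriptor references as a font program."""
    objects = {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}
    refs = {int(r.group(1)) for body in objects.values()
            for r in FONT_REF_RE.finditer(body)}
    findings = []
    for num in sorted(refs):
        body = objects.get(num, b"")
        sm = STREAM_RE.search(body)
        if sm is None or b"/FlateDecode" not in body[:sm.start()]:
            continue
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream".
            data = zlib.decompressobj().decompress(sm.group(1))
        except zlib.error:
            data = b""  # undecodable stream: report it with size 0
        findings.append((num, len(data), data[:4]))
    return findings


def build_sample() -> bytes:
    """Constructed PDF: one font-program stream, one ordinary content stream."""
    def stream_obj(num, raw):
        head = f"{num} 0 obj\n<< /Filter /FlateDecode /Length {len(raw)} >>\nstream\n"
        return head.encode() + raw + b"\nendstream\nendobj\n"
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /FontDescriptor /FontFile 2 0 R >>\nendobj\n"
            + stream_obj(2, zlib.compress(SAMPLE_FONT))
            + stream_obj(3, zlib.compress(b"BT ET"))
            + b"%%EOF\n")


if __name__ == "__main__":
    for num, size, magic in embedded_font_streams(build_sample()):
        print(f"object {num}: embedded font program, {size} bytes, starts {magic!r}")
```

Only object 2 is reported; object 3 is also FlateDecode-compressed but is not referenced as a font program, so it is ignored.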
Experts have raised concern that the security vulnerability in iOS could be exploited in a similar way by malicious websites to install malware.
It is important to note that the security hole has been around for quite some time, so it could have been used by malicious websites. It’s funny how the experts who were sleeping until now are blaming jailbreaking for exposing the security hole. In this particular situation, jailbreaking offers users a solution to prevent malicious websites from using the security hole in iOS.
If you’re concerned about the security hole then you can follow these steps if you’ve jailbroken your iPhone:
Update:
You can install the PDF Loading Warner jailbreak app from Cydia (search for pdf and you should be able to find the jailbreak app), which is a lot easier than installing the .deb file mentioned below. Thanks everyone for the tip!
- Download this .deb file from Will Strafach (@cdevwil) and open it on your iPhone, iPad or iPod Touch using iFile, which is a file manager that can be installed using Cydia.
- Navigate to /var/mobile and then double tap the .deb file to install it.
After installing the .deb file, you will get the following warning message if a website is automatically trying to open a PDF file:
“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”
If you don’t trust the website, tap the ‘Cancel’ button; otherwise tap the ‘Load’ button to continue.
As you can see, installing the .deb file does not patch the security loophole, but it does warn you against possible malicious attacks.
Based on the nature of the security loophole in iOS, it is widely speculated that Apple will fix it in iOS 4.1, which is currently in beta.
However, iPhone Dev Team and Comex don’t seem worried as chpwn recently tweeted:
You should know that there are /lots/ of public exploits out there, and @comex's JailbreakMe just uses one of them. No big de
So it looks like the cat and mouse game between Apple and the iPhone hacking community will continue, which means that iPhone jailbreakers and unlockers should avoid upgrading to iOS 4.1 when it is released. Users should wait for Comex or iPhone Dev Team to provide an update on how it impacts a jailbroken or unlocked iPhone.
Are you worried about the security hole or glad to be able to jailbreak your iPhone? Tell us in the comments.
[via MacStories]
I am not worried, it is something that has been around as you mentioned, and most people who can develop malware already knew about these exploits.
I am glad that Comex and team were able to do this jailbreak and so far it is working great!
I'm just happy that the crybabies out there can now shut the hell up. Thanks, DEV Team
sweet, thank you, gotta always stay protected lol
Every time I try, this is what I get: Oops… it look like the installer crashed last time you tried to jailbreak. it might work of you try again. Can I get some help?
Thank you so much COMEX. You are the best, you did great job, I'm so glad for you. Now i can use my GPS Igo and Tom Tom and some games. Appreciate my friend.
I don't know why people make malicious software for the iPhone. I don't get the whole point of stealing data from a user. From my point of view it doesn't make sense. Just stupid people do this, for what? I really don't know, but if I were them I would help @comex to keep developing jailbreaking software for iPhone's iOS.
You should try to restart your iPhone and try the alternate site. It worked for me.
soooo true!!! lol
You're welcome! And thanks, all of you, for supporting and for the donations *thumbs up*
just use the alternate link
http://jailbreakme.modmyi.com/
worked for me!
Try closing Safari from the multitasking part; if that doesn't work then just restore the phone and try again.
You guys are talking about only FaceTime and MMS, but I don't know if anyone has observed one minor issue, even though it does not stop the jailbreaking…
The minor issue is: after jailbreaking, if you reboot any iPhone (including the 4), you would see a processing circle revolving on top of the Apple logo, and right above the Apple logo you would see a small strip (a line, I can say) with a bunch of colors formed… you would not see that processing circle and a multi-colored strip while booting up… but the phone works fine once started up…
I found this issue with the iPhone 4 and 3G… I restored my iPhone 4 and I did not see any processing circle on the Apple logo or colored strip (a line) while booting up.
I hope you understood what I am saying. Take care.
So let's make it clear for everyone. This security hole is on the 4.0, 4.0.1 iOS, meaning that whether or not you jailbreak, you are vulnerable, not just those who decide to jailbreak. This sorta makes it seem like it's a jailbreak downside.
Turn off pop-up blocking in Safari… it's gonna work
When I navigate to the \var\mobile folder I do not see this deb file. All I see are 4 further sub-categories I can expand: Applications, Documents, Library, and Media. Searching through them I haven't been able to locate the .deb file yet. Any advice?
Just tried to download This .deb file into iFile and it doesn't work. It appears to download then a window pops up that states what the file name is and the button Open in iFile and nothing happens. Some help would be appreciated. Thanks again guys!!
Looks like steve jobs would put the blame on adobe and say – this only happens when one opens pdf documents – they might even stop people from accessing pdf documents and may be even BAN adobe reader
This is precisely what I am experiencing as well. Any suggestions?
So really, the hole is there for ANYONE on iOS 4, jailbroken or not, but only jailbroken people can install the deb file that warns against PDFs. So in this case it is far safer to be jailbroken! Take that, Apple!
There are always people who bitch and nag…and turn something as beautifully elegant as this jailbreak into something nasty…i think its a case of jealousy as no one had figured this out for a jailbreak yet..i am a huge fan of this jailbreak because of its simplicity and functionality…anyone who doesnt like it can go bitch somewhere else…DEV TEAM IS AMAZING
When i downloaded tomtom using cydia and installous even though i downloaded and installed cant find it on iphone….any clues?
Yes I do. I had to restore my phone (3G) because of the same thing, and my internet and MMS would not work. Hope they can fix it.
It's in Cydia now as "PDF Loading Warner". So if you can't get the .deb file in there manually, just download it via Cydia!
You got owned lol!
I had this problem I think the download timed out just before completion, you are far better using navigon as you do not need to purchase an over priced tom-tom mount to use it. If you already have the mount kit then go ahead, I find navigon as good if not better. Jailbreak is a great one keep up the good work, I'd say apple will keep quiet about this one….,
Poo for it in cydia under PDF Warner, I had the same problem and then install it
I meant look for it(?)
You have to download ifile first then download
BigBoss made an app called PDF Loading Warner, in Cydia now. This method is useless now.. thanks
SHOULD I UPGRADE???
3GS, 3.1.2. 05.11.07 OLD BOOTROM
JB/UL W BLACKRA1N
Is there a benefit for me to upgrade to 4.?
anybody have any first hand feedback?
or should I be happy with what I have?
ANYBODY'S FEEDBACK WOULD BE GREAT!!!
THANKS
hahahahahahaha EXACTLY!!!!!!
The colors at the top of the boot screen are supposed to be there. That's the payload stuffed into the framebuffer. Comex talks about it on his twitter.
RIM unveils new BlackBerry Torch!!
The secret is… restore your iPhone to factory settings using iTunes.
Before you are asked to restore from backup or set up a new iPhone… disconnect, run jailbreakme.com and it will work.
After the JB you can restore from backup.
i cant find rotation inhibitor with this jailbreak … any ideas ?
OK, can you use a security app from the App Store or do you have to get one from Cydia? Using iPhone 3GS on 4.0.1. And is iFile safe and has no problems with it?
I installed it by just typing pdf in Cydia. It warns you if a site has a PDF in it or something. Now I should be a little bit safer.
Much easier to just download and install the PDF file warner file from Cydia. Works great.
The iphonehacks article should be updated!
Go into Settings –> Safari and set it to allow cookies always. That worked for me after I had that same problem.
Thanks, we've updated the post.
Thanks everyone for the tip as well.
I'm pissed. Why can't the Dev Team figure out a way to do it faster, better, yesterday not tomorrow, WTF. It took long enough… Oh, and can they figure out a hack to change my case to white!
Just kidding, it's boring with nobody bitching about the jailbreak…
Comdex, thanks for the great work. Now my mom does not have to worry about her iphone 3gs running out of battery.
Everyone, don't forget to donate to Comdex.
Haw do i do dis??