Monday, August 16, 2010

iPhone Jailbreak Exploit Code Goes Public


The mind behind a new jailbreak for the iPhone released source code for his tool, which leverages two vulnerabilities in Apple’s iOS mobile operating system that can be used to take over iPhone, iPad and iPod touch devices. He posted source code attackers could use to compromise devices. "Comex," posted code for JailbreakMe 2.0 on the Web Aug. 11 after Apple released a pair of fixes for the iOS bugs the jailbreak leverages (patches). The first issue exploited is a FreeType CFF (Compact Font Format) handling issue, exploitable via Mobile Safari to gain access to affected devices. The second issue exploited is an IOSurface framework issue that allows for administrative privileges to be obtained.  If the bugs are exploited successfully, they could allow an attacker to remotely compromise a device and take full control.

According to an advisory from Apple, the patches–which came roughly a week after JailbreakMe 2.0 hit the street - are available for: iOS 2.0 through 4.0.1 on iPhone 3G and later, iOS 2.1 through 4.0 on the iPod touch (second generation) and later and iOS 3.2 and 3.2.1 for the iPad.  See my earlier post on iPhone jailbreak (http://darkcell9.blogspot.com/2010/07/jailbreaking-apple-iphone-gets.html)

No comments: