It’s not the first time this has happened, last time jailbreakme did the same thing back in August 2010 – Dangerous iPhone iOS JailBreak Exploit Goes Public.

The exploit is quite a nasty one, and the irony is this time – only users that have applied the Jailbreak then the additional ‘PDF Patcher 2′ software (from Cydia) are safe from this. Users running the vanilla version of iOS are actually at risk.

Hours after developers revealed they had exploited bugs in Apple’s iOS to “jailbreak” iPhones and iPads, German government security authorities warned that one of the flaws could be put to malicious use.

Malformed files that exploit the vulnerability have been publicly posted on the Internet. Late Wednesday, Germany’s Federal Office for Information Security, known by its German-language initials of BSI for “Bundesamt fuer Sicherheit in der Informationstechnik,” warned citizens that the iOS bug could be used by criminals to hijack iPhones, iPads and iPod Touches.

“Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malicious software,” the BSI said in a translation of the German-language alert .

PDF files that successfully exploit the vulnerability are available on the Web, according to Mikko Hypponen, chief research officer of Helsinki-based antivirus company F-Secure. And those PDFs could be used by miscreants to hack iOS devices simply by luring users to malicious sites, said Andrew Storms, director of security operations at nCircle Security.

iPhone and iPad users steered to a malicious PDF — via a link embedded in an email, for instance — would not receive any warning or be required to take additional action.

I hope Apple gets their act together and pushes out the patch for this ASAP as I foresee some kind of iPhone/iPad targeted worm coming out of this fairly shortly.

It took them 10 days to patch a similar pair of exploits back in August 2010 so we should be expecting a patch by the end of this week (mid-July sometime).

The worrying part when it comes to business/agencies/government etc – is that these exploits could be used to target specific individuals of importance. All you need to know is the e-mail address they access on their iPhone/iPad and do a bit of social engineering and you’re in.

The BSI warning came just hours after a group of developers released an updated version of JailbreakMe, a tool that hacks iOS so iPhone and iPad users can install software not sanctioned by Apple.

Those developers exploited a pair of vulnerabilities, including one in the font parsing of the PDF viewer integrated with the iOS version of Safari, and another that bypassed anti-malware defenses such as ASLR (address space layout randomization). Wednesday, security experts said that the same vulnerabilities, particularly the one exploitable through malicious PDF files, could be used by criminals to hijack Apple’s popular iPhone and iPad.

“They’re certainly a threat, and would be easy to make malicious,” said Charlie Miller, a noted Mac OS X and iOS vulnerability researcher who works for Denver-based Accuvant.

Miller also speculated that Apple would quickly patch the vulnerabilities, perhaps even faster than last year when it faced a similar situation. In August 2010, Apple patched a pair of bugs used by JailbreakMe 2.0 just 10 days after the tool’s release. News of JailbreakMe 3.0′s impending release had leaked several days before Wednesday’s official launch, noted Miller, and should have given Apple even more warning.

Yesterday’s BSI alert was similar to one it issued last August after JailbreakMe 2.0 appeared.On Thursday, Apple said it would fix the flaws.

Of course the ‘developer’ version of iOS 5.0 is already out and I guess someone people are using this, most iPhone/iPad users have been waiting for that major update – but I’m guessing Apple will have to push a patch out for this before the 5.x major release.

There’s another interesting and relevant article on this topic here:

The problem with doing – and not doing – an iPhone jailbreak

It’ll be interesting to see what comes of this and if any kind of iPhone/iPad chaos is going to occur due to these exploits.

Source: Network World

Shortly after that the developer of the JailbreakMe exploit released the code to the public via GitHub. The code is available in full here:

http://github.com/comex/star

But is not well documented, that won’t stop the more advanced coders using it with malicious intents in mind.

Minutes after Apple issued a security update Wednesday, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads.

“Comex,” the developer of JailbreakMe 2.0, posted source code for the hacks that leveraged two vulnerabilities in iOS and allowed iPhone owners to install unauthorized apps. Apple patched the bugs earlier Wednesday.

The exploits that comex used to jailbreak the iOS could be used for other purposes, including delivering malicious payloads to grab control of iPhones, iPads, and iPod Touches. All that would be necessary is for hackers to dupe users into visiting a malicious Web site or persuading them to click on a link in an e-mail or text message. “Impressive. And dangerous,” said Mikko Hypponen , chief research officer at antivirus company F-Secure, on Twitter early today of the exploit code.

It may not be long before comex’s work is turned into a weapon for attacks that gain “root” access, or complete control, of iPhones and iPads.

This could be pretty dangerous, even though Apple has released a patch to address the issue – honestly how many people will apply the patch? And will they do it in a timely fashion? There’s always that window between the release and the majority of devices being secure that leaves things wide open to exploitation.

I’d be on the lookout for some serious malware to come out within the next week or so leveraging this method of exploitation. Could a large scale iPhone worm be the next big thing? I certainly think it’ll be more malicious that the previous rickrolling SSH bug. That was of course also followed up with a malicious iphone worm based on the same weakeness.

Noted Mac vulnerability researcher Dino Dai Zovi, co-author of The Mac Hackers Handbook , chimed in with a warning of his own. “Now that @comex released his jailbreak source, any bets on how long before it is ported to Metasploit?” Dai Zovi tweeted Wednesday.

Metasploit is the open-source penetration testing framework that some use as a hacking toolkit.

Apple did not patch 2007′s first-generation iPhone or iPod Touch yesterday, delivering the update only to the iPhone 3G or later running the iOS 2.0 or later, and to the second-generation iPod Touch or later running iOS 2.1 or later. Lacking patches, those early models may be vulnerable to attack.

Also possibly at risk: Mac OS X. Like iOS, Apple’s desktop operating system includes the FreeType font engine, which may be vulnerable to the same or a similar exploit.

And users who have used comex’s code to jailbreak their iPhones have a decision to make. If they accept Wednesday’s update, they lose the ability to install and run software not approved by Apple. But by ignoring the update, they may be victimized by future attacks based on the public code.

By making the code public comex has introduced a lot of interesting factors, does this exploit work on Mac OSX? Are older iOS devices vulnerable (because Apple has not released a patch for them)? What is going to come from this?

No-one can fault comex for his actions, he was offering a free solution for users to Jailbreak their devices and when Apple had patched the flaw he released the code.

Source: Network World

The big news in the Apple-sphere recently was the released of iOS 4, which *shock&awe* has folders and multi-tasking – w00t.

You can of course jailbreak it with the newly updated PwnageTool 4.01.

On Monday, Apple released firmware 4.0 for the iPhone and iPod touch devices. This of course was a major upgrade.

As advised, you shouldn’t have upgraded your devices if you have previously relied on our tools for hacktivation and/or a carrier unlock.

With that said, today we are releasing PwnageTool 4.01

PLEASE READ THIS ENTIRE POST CAREFULLY, THERE ARE KNOWN UPGRADE TRAPS AND DIFFERENT UPGRADE SCENARIOS THAT NEED TO BE FULLY UNDERSTOOD AND CONSIDERED BEFORE USING THESE TOOLS.

Each supported device has few different scenarios that users need to consider when performing the upgrades, you need to check below and perform the upgrade in the particular way that matches your current device state.

NB: With PwnageTool 4.01 certain devices are not supported this is because they are not supported in iOS 4.0 or they are not supported by our software. We’re working on ways to get past these restrictions.

• iPhone 2G – not supported
• iPod Touch – not supported
• iPod Touch 3G – not supported

Check out the full post for all the details and the download links.

Source: iphone-dev

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones.

It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much done (he used a much higher range of registers than previously).

A teen hacker known for his deftness with iPhones has figured out how to unlock models running the latest firmware versions by cracking a protection that has frustrated hackers for weeks.

The breakthrough by George Hotz, aka Geohot, means people who have bought a recent iPhone will once again be able to use it on the phone network of their choice. Apple makes as much as $400 for every handset that’s activated on an approved network, so its developers have worked hard to prevent the so-called unlocking of iPhones.

A very smart young man indeed, just showing 1 person can indeed defeat the security of a huge multi-national billion dollar company.

And he’s done it twice.

The latest salvo was fired late last week, following a 24-hour hacking spree by Geohot that was broken up by only three hours of sleep. It turns out the latest firmware contained modifications to the device’s memory registers to prevent unlocking. Geohot worked around those changes by finding another, much higher register that was vulnerable.

“I guess Apple thought big numbers were harder to guess,” he wrote.

He then found a way to install his custom-built code by exploiting a flaw that allowed him to erase a range of memory addresses where security software is stored.

An amazing 27% of iPhones are running on unauthorized networks which means they are cracked. Of course Apple will soon come out with a new firmware update that negates this problem….but then the game will just start all over again.

And no one doubt Geohot or someone like him will break it again.

If you want to know how to do it check out step-by-step instructions here from iClarified here.

Source: The Register