PDF Security Exploit Allows ‘JailbreakMe’ Website to Jailbreak iPhones and iPad Over the Web

Jim Dalrymple:

Unlike some jailbreaking apps, JailbreakMe.com does not require a third-party app. All you have to do is visit JailbreakMe.com on your iPhone and follow the onscreen instructions. When it’s done, your phone will be jailbroken.

Yikes. It’s odd how the press is mostly covering this as “jailbreaking now more convenient” rather than “remote code exploit now in the wild”.

Here’s an analysis by Ching-Lan Huang suggesting that it’s using a PDF heap overflow to execute code. But Huang is wrong — Apple has its own PDF rendering engine; it doesn’t use Adobe’s, and the heap overflow bug Huang points to is in the Acrobat PDF renderer. Charlie Miller says it’s exploiting a PDF font bug in Apple’s renderer, and adds:

Starting to get a handle on jailbreakme.com exploit. Very beautiful work. Scary how it totally defeats Apple’s security architecture.

Monday, 2 August 2010