Security Warning! Both Jailbroken and Non Jailbroken devices..

Discussion in 'iPad Hacking' started by MikesTooLz, Aug 3, 2010.

  1. MikesTooLz

    MikesTooLz
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    Right now the PDF exploit that jailbreakme.com is using to jailbreak your device is a HUGE security issue. Right now you could brows to a website set up by an attacker that would install a virus onto your device the same way jailbreakme.com can execute their own code and jailbreak your device. You should open Cydia as soon as possible and install the package named "PDF Loading Warner"
    [​IMG]

    After installing this patch, when ever a website tries to open a PDF file you will get a warning message giving you the option to continue and open the pdf or cancle. After installing this patch go back to jailbreakme.com and test that the patch is working by sliding the jailbreak me bar as if you were going to jailbreak the device. Instead of the jailbreak starting you should get a popup that looks like this.
    [​IMG]


    This doesnt completely block the security hole, it just prompts you when a PDF is loading in safari so that a website cant just load one without you knowing. If you have not jailbroken your device, now might be a good time to do it. Even if it just to apply this patch so that your device is not vulnerable to websites that may try to attack it. Apple should put out an updated iOS real soon to fix this. within the next few days, but until then be careful with the websites you visit if you don't apply this patch.
     
    #1 MikesTooLz, Aug 3, 2010
    Last edited: Aug 4, 2010
  2. DarkLordEnron

    DarkLordEnron
    Expand Collapse
    iPad Fan

    Joined:
    Jul 25, 2010
    Messages:
    121
    Thanks Received:
    0
    Thanx for the heads up!
     
  3. MikesTooLz

    MikesTooLz
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    better to be safe than sorry. now that this is out in the open, the bad guys can start putting out hacked websites that install virus on iDevices.
     
  4. ch4rly

    ch4rly
    Expand Collapse
    iPF Novice

    Joined:
    Jul 30, 2010
    Messages:
    30
    Thanks Received:
    0
    Quite funny that you need to jailbreake to make your device safe :D

    I installed the warner, but it also warns me when opening PDFs in iBooks, on each page change twice, what is really annoying. Is the exploit not only a safari issue?
    Is there an workaround or update planned for that?
    Thanks in advance!
     
  5. MikesTooLz

    MikesTooLz
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19

    Yeah the bug is in apples PDF reader so it effects both affair and iBooks. However in iBooks you shouldn't have an bad PDFs loaded. Don't know if a fix will be made to make th warning not show in iBook.

    I'm sure once apple putes out a quick patched iOS update someone will make a patch for 3.2.1 and you can then just remove the warning package.
     
  6. Hussainal

    Hussainal
    Expand Collapse
    iPF Novice

    Joined:
    Jun 18, 2010
    Messages:
    21
    Thanks Received:
    0
    Thanks for the info..
     
  7. gouletjo

    gouletjo
    Expand Collapse
    iPF Novice

    Joined:
    May 31, 2010
    Messages:
    65
    Thanks Received:
    0
    Thanks!! Great advice!
     
  8. DawgBone

    DawgBone
    Expand Collapse
    iPF Novice

    Joined:
    May 20, 2010
    Messages:
    16
    Thanks Received:
    0
    Can't you just change the password for Mobile and SSH and no longer be vulnerable?

    I would assume that an attacker would have to have elevated privileges to exploit any code on the device... Even if you opened the .pdf.....

    They would have to bank on the users' not changing the default "alpine" password....
     
    #8 DawgBone, Aug 5, 2010
    Last edited: Aug 5, 2010
  9. MikesTooLz

    MikesTooLz
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    100% wrong.


    what your talking about is for users who jailbreak and then install openSSH and leave the default password.

    right now everyone and be attacked by this pdf bug.
    How do you think the jailbreak website is able to run custom code and jailbreak your device?
     
  10. DawgBone

    DawgBone
    Expand Collapse
    iPF Novice

    Joined:
    May 20, 2010
    Messages:
    16
    Thanks Received:
    0
    I "thought" that they just found a hole to inject code.... I figured that they wouldn't have been able to execute it, without knowing root's PW.... and thus why they can run their exploit, being that everyone knows all stock IDevices' root PW's.....

    and why I was asking....

    I don't think(or at least I haven't read it) @Comex has published exactly how he is doing this, although he has mentioned the general method...

    BTW.. the jailbreakme.com JB does install OpenSSH....
     
    #10 DawgBone, Aug 5, 2010
    Last edited: Aug 5, 2010

Share This Page



Search tags for this page

how to change root password on unjailbroken ipad

,

jailbreak ssh root user changing

,

no ssh dwwgbenke

,

ssh non jailbroken ipad