Hackers at Redmond Pie outlined details of the Pwn tool allowing users to jailbreak the latest iOS, version 4.3.4. However, one mitigating factor is that the jailbreak hack does not apply to the iPad 2.
Jailbreaking allows users to circumvent security mechanisms in Apple’s mobile devices such as iPhones and iPads running iOS, to run applications not authorized by Apple’s App Store.
“Apple has just pushed out iOS 4.3.4 for the iPhone, iPad and the iPod touch. And thankfully, we have cooked custom PwnageTool bundles which allows you to jailbreak any device (except for iPad 2) running iOS 4.3.4, and at the same time preserve your baseband for an Ultrasn0w unlock later on,” said Redmond Pie’s Uzair Ghani in a blog post.
Thus far the jailbreak is tethered, indicating that users will need to reboot their iOS device by physically connecting it to their computer in order to maintain the jailbroken state.
“No matter how annoying it may sound, it’s better than having no jailbreak at all,” Ghani said.
The latest jailbreaking hack was revealed Friday, the same day Apple issued a security update repairing a critical PDF flaw in the mobile Safari browser that left devices, such as iPhone, iPad and iPod touch, running on its iOS, susceptible to attack.
The update repaired the PDF flaw, which stemmed from a buffer overflow issue occurring in the way the iOS parses fonts in Apple’s mobile Safari browser. The update also patched another vulnerability in the iOS, which allowed hackers to bypass Apple’s ASLR (address space layout randomization), a security feature that involves random position arrangement of key data areas that make it more challenging for hackers to predict target addresses and launch attacks.
However, in addition to enabling jailbreaking hacks, researchers at Germany’s security agency, known as BSI, found that the PDF vulnerability also could be used by cyber criminals to distribute malware via users’ iPhones, iPads and iPod touches .
The iOS PDF flaw became widely publicized after hackers disclosed the latest release of the JailbreakMe framework, version 3.0, on the JailbreakMe Web site.
In an attack scenario, cyber criminals could create a malicious PDF distributed via a link embedded over e-mail or social networking site. Users would unknowing install malware by opening the link or the PDF file while running the Safari browser. Attackers could then access users’ personal or financial data stored on their iPhones or iPads, including online banking information, credit card numbers, text messages, calendars, e-mails and passwords. They could also exploit the flaw to intercept users’ phone conversations and locate and track users via the iPhone’s GPS capabilities.
Thus far, security researchers have not detected any malicious exploits in the wild targeting the iOS flaws.
Meanwhile, Andrew Storms, director of security operations at security firm nCircle, said that iPhone’s popularity will continue to make the device a target, but added that the frequency of attacks will likely force Apple to bolster security mechanisms that make it harder for hackers to jailbreak and exploit.
“As the target market grows so are the attackers going to follow,” Storms said. “Also know that the iOS devices are the most heavily targeted mobile devices, and because of that, Apple has had researchers attack this thing. At some point in time it’s going to be the most secure device, because it has undergone so much scrutiny for so many years.”
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

Carbonite
Cloud Storage 360

Application Integration 360

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Channel Chief Showcase

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

HubStor
Cloud Backup 360

CyberPower
CyberPower

Veeam
Veeam

Comcast Business
Comcast Business Learning Center

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Cyber Protection 360

VMware

EPOS
EPOS

Sophos
Sophos Cybersecurity Learning Center

iboss
Cloud SASE Platform 360

Vonage
Vonage

Sherweb
Sherweb

Vertiv
Edge Computing Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Acer
Remote Workforce 360

Webroot
Webroot Learning Center

Comm100
Collaboration & Communications 360

Partner Program Guide Showcase

Wasabi
Wasabi

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center

Hitachi Vantara
Hitachi Vantara

eSentire
Managed Detection and Response 360
