‘Dangerous’ iPhone exploit code goes public – Computerworld

‘Dangerous’ iPhone exploit code goes public – Computerworld.

This was actually predictable.

A proof of concept demonstration demonstrated an ability to “Jailbreak” iPhones over the web, with no intervention of a computer,etc. but rather through surfing to a website directly on the iPhone. The reports are that this exploit is performed through a vulnerability within Adobe PDF handling on IOS platforms (the software that iPhones, iPads, etc. use to run).

The originator of the exploit, a software hacker named “Comex”, did not initially release the code.

Throngs of people proceeded to jailbreak their iPhones in this way.  Those of us in the security and forensics world knew that an exploit would not be far behind.

On Wednesday Apple released a patch to fix the issue that enables this to happen.  Minutes later Comex released his code to the internet-at-large.

What does this all mean?

I know a large number of attorneys that use iPhones- I do too.  I also know a large number of attorneys that use PDF documents (most, if not all, of them).

Because of the complexity of the code I would give this about two, maybe three, more days before there are active attempts to inject malicious code into iPhones.  This could hit attorneys that haven’t patched especially hard because of the PDF angle.

The answer is simple:  Patch your iPhone, iPad, etc.  The patch works. I have only done limited testing, but even Comex notes that the patch stops the exploit.  Comex sent a Tweet yesterday after apple released the patch that says it all:

That was fun while it lasted. Hope you saved your SHSH. Remember that 4.1 rhymes with fun.”

(4.1 is the vulnerable version of the iPhone IOS, 4.2 is the patched version)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: