Germany issues security warning after iOS jailbreak release
JailbreakMe tool, which gives iOS device users the freedom to run any application they want, could be used by bad guys to get unrestricted access to phones via malicious PDFs.
A tool that lets people remotely jailbreak their iPhones could be modified to attack iPhones and iPads with malicious PDFs and appears to have prompted Germany's government to issue a security warning to consumers.
The Dev-Team, and specifically member Comex, today released the latest version of JailbreakMe.com, which allows people to "just browse to http://www.jailbreakme.com on your device and install it from there!"
While, the tool gives iOS device users the freedom to run any application they want, including software not sanctioned by Apple, it could also be modified and used to deliver malware to iOS devices, and not just jailbroken ones.
After the tool was released, Germany's IT agency issued a statement warning of "critical weaknesses" in iOS that could provide attackers unrestricted access to a device if a malicious PDF is clicked on, according to The Associated Press.
A spokeswoman in Apple's Cupertino, Calif., headquarters, told CNET that the company is working on a fix.
"Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update," Apple spokeswoman Trudy Muller said in a phone interview. She could not provide a time frame for the fix. Meanwhile, Apple discourages customers from jailbreaking their devices because it voids the warranty.
The Dev-Team acknowledged the security risk on its Web site, and said there is a "good chance the security impact of these vulnerabilities will remain theoretical."
The developers also released a patch called PDF Patcher 2 for the main vulnerability. The patch can only be installed on a jailbroken device, however, so non-jailbroken devices will remain vulnerable until Apple releases a fix.
"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert. "This is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a security technique that can block certain types of attacks.
The German agency urged iOS device users to avoid opening PDF files of unknown origin, either in e-mail attachments or on Web sites. The agency did not respond to calls and e-mails from CNET today. According to a statement on its Web site (translated in Google Translate), the agency said "no attacks have been observed." In its statement, the agency also said that "possible attack scenarios for cybercriminals include the reading of confidential information (passwords, online banking data, calendars, e-mail content, text or contact information), access to built-in cameras, the interception of telephone conversations, and the GPS localization of the user."
Miller suggested that people with jailbroken devices install the PDF Patcher 2 patch to close the hole. And until Apple issues its fix, the only protection for non-jailbroken devices is to jailbreak them and then install the PDF Patcher 2 software.
"No one has seen a malicious payload yet, but it easily could be very serious," he said.
An earlier release of JailbreakMe.com prompted similar concerns nearly a year ago. Apple released an upgrade that resolved that issue shortly thereafter.