Most Apple mobile device users love their gadgets, and they enjoy the fact that Apple as a company takes security to seriously. The App Store has a plethora of great programs that can do practically everything, and, until recently, the platform has been considered one of the most secure around. That is, until recently.
There is a large minority of iOS users who use “jailbreak” software to crack open the coding in iOS. They do this so their devices can run non-Apple-sanctioned, third-party software, and to re-write iOS code to make it more personalized. One of the most popular jailbreaking programs is JailbreakMe. The freeware is downloadable, and is considered a handy way for users to take more authority over their iOS-running devices.
The so-called Apple Dev-Team, a tech group that is not associated with Apple in any way, announced the newest version of JailBreakMe. Comex, a well-known member of the group, directed prospective users to go to www.jailbreakme.com to install the updated program directly from their browsers. However, all is not well in paradise.
In response to the Dev-Team’s announcement, Germany’s IT agency reported that there are potential “critical weaknesses” in jailbroken iOS that could be used by hackers to modify software and deliver malware to other, even non-jailbroken, users. The weakness can be exploited by using a contaminated PDF document. Once the user has clicked on the malicious PDF, hackers have unrestricted access to the device, including its contact list, and can use the jailbroken device as a portal to contaminate other users.
Apple responded by announcing it was aware of the problem and is working on a remedy for the vulnerability. Trudy Miller, spokesperson for Apple, announced on July 6, “Apple takes security very seriously. We’re aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update.” Ms. Miller did not indicate whether Apple actually has a time frame for this problem’s fix. She did, however, advise Apple device users not to attempt to use the jailbreak software in the first place, as doing so will void Apple’s warranty anyway.
For their part, the Apple Dev-Team did report the security flaw on their website, but they pointed out that there could be a “good chance the security impact of these vulnerabilities will remain theoretical.” They released a patch that will address the iOS vulnerability, PDF Patcher 2. This fix is only installable on an iOS jailbroken device, which means that non-jailbroken iOS devices will still be vulnerable to the problem until Apple’s fix becomes available.
“The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload,” reports Charlie Miller, an Apple security expert and Accuvant’s main research consultant. “This is the first exploit that can defeat Apple’s ASLR (Address Space Layout Randomization).” ASLR is a security protocol that can be used to block certain types of attacks, which has been very successful in the past at thwarting hackers.
Germany’s IT agency urged people with iOS devices to not open PDF files whose origin is unknown, whether received via email attachment or accessible through a website. According to the agency’s site, they said (in German, translated with Google’s Translate function) that “No attacks have been observed.” The statement continued, saying, “possible attack scenarios for cybercriminals include the reading of confidential information (passwords, online banking data, calendars, e-mail content, text or contact information), access to built-in cameras, the interception of telephone conversations, and the GPS localization of the user.”
Ironically, this poses a quandary for Apple device users: jailbreak their device and utilize the PDF Patcher 2 patch developed for jailbroken devices, voiding their warranties, or wait until Apple releases its own fix—and be very careful in the meantime.
Charlie Miller cautioned that, “No one has seen a malicious payload yet, but it easily could be very serious.”
An additional irony in this situation is that last year’s JailBreakMe.com update for the newest version of iOS revealed a similar security problem, which Apple resolved quickly thereafter.