iPhone hacked with zero-day font vulnerability
Summary: Apple's newest iPhone devices have been hacked with a zero-day font vulnerability in the latest iteration of the JailbreakMe.com project.
Apple's newest iPhone devices have been hacked with a zero-day font vulnerability in the latest iteration of the JailbreakMe.com project.
The JailbreakMe.com exploit allows the automated jailbreaking of iPhone/iPad/iPod Touch devices from a specially created Web site.
It is essentially a drive-by download attack that exploits the way Apple’s mobile operating system processes certain fonts. Technical details of the vulnerability are not yet know.
It is likely being combined with a second privilege escalation bug to escape the iOS sandbox, much like the first version of the jailbreak exploit. According to "Comex," the hacker behind the site, the exploit defeats ASLR (Address Space Layout Randomization), a key anti-exploit mechanism.
Along with the jailbreak exploit, "Comex" also released a patch for the main vulnerability.
"Due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure," he explained.
On the issue of releasing exploit for zero-day flaws, here's a note from the site's FAQ:
I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
Lies, lies, lies
RE: iPhone hacked with zero-day font vulnerability
What?!? No [b]BOLD[/b]? No [i]ITALICS[/i]? No [u]UNDERLINE[/u]?
rotflmao :D
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
Just wondering...
RE: iPhone hacked with zero-day font vulnerability
p-p-p-possibly......
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
Spam ^^^???
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
And it makes me wonder...
Yet, when a vulnerability is brought up, only iPhone is mentioned? [i]"Apple?s newest iPhone devices have been hacked with a zero-day font vulnerability..." [/i]
Ryan, I'm sorry, but iOS is iOS iOS. If the idiot fanbois get to include iPods and iPads when it supports their argument, then iPods and iPads have to be included when the topic is bad news as well. (please note, i'm not including you in the 'idiot fanboi' group)
Also, it's funny how everytime an article gets written about consumerization of IT (like we saw yesterday with the TouchPad vs Playbook vs iPad in enterprise), and enterprise catering to the user's wants rather than needs... we see an article like this pop up. It gives credit to the necessary rules that everyone hates that enterprise is forced to apply upon it's users (it is, after all, the company's network)
Hey, I hate having my internet filtered, but I know what havoc can be brought on by relaxing the rules, so I don't worry about whether I'm popular or if someone can't spend their workday on the web looking at crap they're not supposed to.
RE: iPhone hacked with zero-day font vulnerability
RE: iPhone hacked with zero-day font vulnerability
I suggest hiring REAL IT people. Let me guess, you do allow Android ?
RE: iPhone hacked with zero-day font vulnerability