Slashdot Mirror


iPhone Jailbreak Uses a PDF Display Vulnerability

adeelarshad82 writes "Latest reports indicate that the website that 'jailbreaks' iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have been several other vulnerabilities in the past in iOS CoreGraphics PDF components." As Gruber points out, the proper term for this is not "jailbreak," but "remote code exploit in the wild."

289 comments

  1. PDF by ae1294 · · Score: 3, Funny

    I forget can some one remind me what P.D.F. stands for again?

    1. Re:PDF by Monkeedude1212 · · Score: 4, Insightful

      Poor Dumb *Explicit*s

    2. Re:PDF by Kitkoan · · Score: 1

      Poor Decision, Forgettaboutit

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    3. Re:PDF by Culture20 · · Score: 4, Insightful

      I forget can some one remind me what P.D.F. stands for again?

      Programmable Digital-executable Format
      And they've almost got every means of binary execution crammed in.

    4. Re:PDF by Revotron · · Score: 0, Redundant

      I must be missing something or having a whoosh moment, because you're totally wrong.

      PDF in this sense means Portable Document Format.

    5. Re:PDF by Kitkoan · · Score: 1

      Yep, it's a whoosh moment...

      *whoosh*

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    6. Re:PDF by Monkeedude1212 · · Score: 1

      Yes, that is a whoosh moment.

    7. Re:PDF by TomXP411 · · Score: 0

      I thought it was "Portable Document Format", so-named because everything needed to display the document (except the viewer) was built in to the file. HTML relies on external fonts and images. Word processor files also rely on external fonts. PostScript files may not render on certain devices, such as non-PostScript printers. Image files are too large and bulky, especially when stored in high enough resolution to be useful for printing (at least 300dpi, which would be 7.5 megapixels (22 MB RAW) for a single page). On the other hand, PDFs (theoretically) render the same on any OS and hardware: it should look reasonably similar on a screen and on any printer...

    8. Re:PDF by clintonmonk · · Score: 0

      I forget can some one remind me what P.D.F. stands for again?

      Pretty Dumb File.

      http://www.toothpastefordinner.com/070210/pretty-dumb-file.gif

    9. Re:PDF by Anonymous Coward · · Score: 4, Funny

      P. D. F = P0wn Da Fone?

    10. Re:PDF by rudy_wayne · · Score: 2, Funny

      I thought it was "Portable Document Format",

      Based on the number of flaws, I would call it "Problematic Document Format".

    11. Re:PDF by Anonymous Coward · · Score: 0

      Seriously, LOL - this deserves to become the unofficial name of PDF. Realizing that one can embed a SWF file inside a PDF document (and that inside another SWF, and so on...) is the ultimate facepalm moment.

    12. Re:PDF by Anonymous Coward · · Score: 0

      Pown Document Format.

    13. Re:PDF by Orestesx · · Score: 0, Offtopic

      +1 Funny

    14. Re:PDF by selven · · Score: 3, Insightful

      The joke is that this so-called "document format" is going way outside its original scope and now supports so much scripting that it might as well be a library for executable files.

    15. Re:PDF by Anonymous Coward · · Score: 0

      Pretty Darn Fsck'd

    16. Re:PDF by Anonymous Coward · · Score: 0

      Phone-based Distortion Field

    17. Re:PDF by Anonymous Coward · · Score: 0

      Programmable data-executable Format

      Fixed that for you

    18. Re:PDF by ae1294 · · Score: 5, Funny

      The joke is that this so-called "document format" is going way outside its original scope and now supports so much scripting that it might as well be a library for executable files.

      I'm going to start sending out all my resumes in dll format... I think it's safer that way...

    19. Re:PDF by Anonymous Coward · · Score: 0

      Come on give the guy a mod point!

    20. Re:PDF by ae1294 · · Score: 1

      Come on give the guy a mod point!

      Or a job... No help desks, I tried to hang myself using a phone cord once but it broke.

    21. Re:PDF by (Score.5, Interestin · · Score: 1

      I forget can some one remind me what P.D.F. stands for again?

      It stands for Penetration Document Format. HTH, HAND.

    22. Re:PDF by ae1294 · · Score: 0, Flamebait

      It stands for Penetration Document Format. HTH, HAND.

      The URL has the word hack and it appears that the site might not be hosted inside the U.S. of A.

      Everyone, to be safe please avoid clicking on that link. Don't even hover your mouse over it. I've called the Internet police and the consequences will never be the same for those who are behind it...

    23. Re:PDF by (Score.5, Interestin · · Score: 1

      It stands for Penetration Document Format. HTH, HAND.

      The URL has the word hack and it appears that the site might not be hosted inside the U.S. of A.

      What's more, the conference talk that's linked to was created by someone from Belgium, and it wasn't even used in a serious screenplay!

    24. Re:PDF by Anonymous Coward · · Score: 0

      Proprietary Document Format.

    25. Re:PDF by catmistake · · Score: 1

      Originally, it stood for "Printer Direct File," but as it was discovered that it might be useful to more than commercial printers, they changed it to "Portable Document Format." And PDF is PostScript, more or less. At any rate, I can't help but wonder if this jailbreak team is a beard for Adobe retaliating against Apple for the extremely humanitarian decision to ban Flash from iOS.

    26. Re:PDF by maxwell demon · · Score: 1

      PostScript files may not render on certain devices, such as non-PostScript printers.

      And PDF files may not render on certain devices, such as non-PDF printers. Fortunately in both cases there are programs which can interpret that format and display or print it on printers which don't understand it. For PDF, the best-known such program is Adobe Reader (formerly Acrobat Reader). For PS, the most popular such program is Ghostscript (with its companion Ghostview for more convenient viewing). Moreover, some operating systems transparently interpret PostScript files which are sent to non-PostScript printers.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    27. Re:PDF by mcgrew · · Score: 1

      Pretty Dumb Fucking (whoever made the acronym PDF was lysdexic; it was supposed to be PFD).

    28. Re:PDF by TomXP411 · · Score: 1

      Yeah... I probably could have worded that better. :) My point was that PostScript can be used to create digitized versions of documents, but it's primarily a printer and image language, not a language for creating portable documents like PDF is.

    29. Re:PDF by TomXP411 · · Score: 1

      Probably not; the jailbreak crowd has been around for a while... the fact that they're using a PDF vulnerability amuses me, though. That font bug has been around since the beginning; I remember hearing about it more than 2 years ago, and apparently Apple never fixed it.

      It just goes to show you how trivial it is to break even supposedly secure operating environments.

    30. Re:PDF by catmistake · · Score: 1

      I am a small part of that crowd. Some other crowd released the web exploit,

  2. Does not compute... by chaboud · · Score: 4, Funny

    Didn't you know that Apple is more secure?

    As soon as I saw "computer-free jailbreak, straight from your browser" I thought "oh man.. here we go."

    1. Re:Does not compute... by magsol · · Score: 5, Funny

      "It just works!...even though it's not actually supposed to!"

      --
      "I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
    2. Re:Does not compute... by Monkeedude1212 · · Score: 1

      No no no, you see, it's not a Jailbreak, it's a Remote Code Exploit... straight from your browser.

    3. Re:Does not compute... by isaaccs · · Score: 1

      More does not mean completely.

    4. Re:Does not compute... by cbhacking · · Score: 0, Offtopic

      It's OK, on Apple products remote elevation-of-privilege exploits with remote code execution are only used for *GOOD* things, like giving you control of the shiny little handheld computer you bought.

      </sarcasm> just in case anybody was wondering.

      --
      There's no place I could be, since I've found Serenity...
    5. Re:Does not compute... by Idbar · · Score: 0, Redundant

      C'mon! It's just part of the magic!

    6. Re:Does not compute... by Nerdfest · · Score: 1

      I thought "It Just Works" was describing iOS 4 on the 3G ...

    7. Re:Does not compute... by Anonymous Coward · · Score: 0

      Correct, in Apple's case, more means way way worse. You only have to look at their vulnerability list for the past 12 months, it makes MS look like a bastion of security.

    8. Re:Does not compute... by Anonymous Coward · · Score: 0

      Too bad you don't know how to interpret the information so you just count and go by "quantity"... Rationalizing making the stupid choice seems to be very popular among windows users.

    9. Re:Does not compute... by crossword.bob · · Score: 5, Insightful

      Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles? It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles, while a similar (to my mind; feel free to put me right) approach to a phone is evil.

      As for the exploit that makes this jailbreaking possible, I sympathize with people who wish to jailbreak their phone, but I hope this particular exploit is closed as soon as possible. I've heard there are some unscrupulous types in tha intarweb who might consider using such a thing for less than altruistic purposes.

      OK, maybe a touch of sarcasm after all.

    10. Re:Does not compute... by Belial6 · · Score: 1

      Personally, I do have just as much of a problem with game consoles. You are right about most people just taking the abuse if it is on a game console though.

    11. Re:Does not compute... by tibit · · Score: 2, Insightful

      You have to admit though, that the whole thing is extremely user-friendly even when jailbreaking. No stupid yellow pop-up ActiveX warnings, just tap here, slide there, and off you go. I wonder how much Apple influence was there when the UI was designed for this jailbreak. Compare how nice it looks next to most PC-based cracks/hacks that one can download. I'm half-serious here.

      --
      A successful API design takes a mixture of software design and pedagogy.
    12. Re:Does not compute... by (Score.5, Interestin · · Score: 1

      No no no, you see, it's not a Jailbreak, it's a Remote Code Exploit.

      No no no, you see, it's not a Jailbreak, it's an undocumented remote administration feature.

      There, FTFY.

    13. Re:Does not compute... by Anonymous Coward · · Score: 0

      > How do those who berate Apple's walled-garden approach feel about games consoles?

      I dunno, differently, because they're different things? I know that's a lot to process. The console makers also don't have an entire "evangelism" department dedicated to blowing smoke up my ass.

      And yes, I do hope Apple does close its remotely exploitable security hole.

    14. Re:Does not compute... by cbhacking · · Score: 1

      The PS3 *had* the ability to run other OSes (Linux), even though you were locked out of the GPU. That was good enough for most people. I don't know if you read the relevant threads on here or not, but people are mightily pissed about that feature being removed.

      The Xbox 360 has an officially supported channel for homebrew software. It's free to develop (assuming you have a copy of Windows) and I think it's $100/year if you want to publish via MS. It doesn't give full control over the hardware; you're limited to a subset of C# (in particular, no unsafe code), but you do get hardware acceleration.

      The Wii is in the same constant flux of exploits being found, homebrew being installed, and the manufacturer cracking down via patches. It's earned its fair share of complaints too.

      All that said, it's worth noting that the use cases for a game console and a smartphone are very different. A game console is designed to do one thing as well as possible: play games. Everything else it can do, even stuff like play movies, is secondary to that goal. Generally speaking, people buy them for this purpose. Smartphones, on the other hand, are marketed as hand-held always-connected devices that are brimming with apps - i.e. they're marketed as small computers which happen to be able to make phone calls too. The success of the iPod Touch, which is just an iPhone without the phone (and bears no resemblance to an iPod; it's a PDA/Internet tablet with a name that meets Apple's coolness guidelines) shows what it really is about: the computer in your hand, not the making calls or listening to music.

      Don't get me wrong, consoles being more open would be great. However, on a console the main things that more openness gets you is cheating and piracy (this has been fairly well demonstrated in the Xbox's history). Smartphones get some app piracy, of course, but they also benefit a lot more from unrestricted development.

      --
      There's no place I could be, since I've found Serenity...
    15. Re:Does not compute... by Anonymous Coward · · Score: 1, Funny

      Apple will have a press conference on Friday about the exploit. Apparently all phones can be jailbroken, which they will demonstrate on a Droid, WinMo & Blackberry. The amount of iPhone4's jailbroken due to this exploit is only 1 per 100 more than previous generations. The number of calls to Apple's support lines regarding this problem is only .01%. If you don't like the exploit, return the phone for a full refund. And finally, they will be giving away free bumpers which fix the problem (the bumper covers the touchscreen).

    16. Re:Does not compute... by MobileTatsu-NJG · · Score: 2, Insightful

      Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles?

      When I talk about Apple and use words like 'walled-garden' and 'open' my post has the word 'Insightful' appear next to it. That doesn't work as well in console threads, so I use words like 'defective-by-design' and 'RROD' to make it appear.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    17. Re:Does not compute... by freedumb2000 · · Score: 1

      It would have been interesting if the jailbreaking webpage would fix the exploit after rooting it.

    18. Re:Does not compute... by crossword.bob · · Score: 1

      I believe there is a patch to shore up PDF code on a jailbroken phone. Which does exhibit that oh so tangy bite of irony.

    19. Re:Does not compute... by tehcyder · · Score: 1

      I don't think people on slashdot are particularly impressed by Sony, Nintendo or Microsoft (the main games console makers) either.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    20. Re:Does not compute... by gorzek · · Score: 4, Insightful

      I think the difference is that to many people, a phone is an important part of everyday life. You use it to track appointments, keep in touch with people, read email, surf the web, get information, etc. It's a very personal device.

      On the other hand, a game console isn't very personal. While you can personalize it in some ways, it never really rises above the straightforward tasks of playing games and other media. And since you don't (usually) take it with you, a game console is just not going to be as integral to your everyday life as a phone.

      So, when it seems like someone else has control over your phone, it's much more unsettling. You think of it and everything on it as "yours," and every time you're reminded that someone else holds all the keys to it, that illusion is dispelled a little bit more.

    21. Re:Does not compute... by mdwh2 · · Score: 1

      How do those who berate Apple's walled-garden approach feel about games consoles?

      Well, I wouldn't view a games console as a computer in any sense.

      It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles,

      Because people try to pass the Iphones off as smartphones, and compare them to platforms that aren't locked down, like Symbian, RIM and Android.

      approach to a phone is evil

      It's not evil. It's a valid reason to criticise the platform (just as Apple fans criticise Windows, Android, Symbian etc). And it would be a concern if thanks to all the Apple coverage in the media (whilst other companies in the mobile space are virtually ignored), that Apple became dominant in mobile computing (just as it would be worrying if say, PCs disappeared and were replaced with locked down games consoles). Thankfully though, that doesn't seem to be happening, with Apple in fourth place, and Android, Symbian and RIM all increasing their lead over Apple.

    22. Re:Does not compute... by isaaccs · · Score: 1

      Uh-huh. That's why the number of exploited OS X devices is so high compared to any other platform. Makes complete sense.

    23. Re:Does not compute... by mdwh2 · · Score: 1

      Apple will have a press conference on Friday about the exploit. Apparently all phones can be jailbroken, which they will demonstrate on a Droid, WinMo & Blackberry.

      Apparently "all" phones, but they forget a model from the market leading platform...

    24. Re:Does not compute... by mdwh2 · · Score: 1

      I thought that exploits and malware only affected jailbroken Iphones, so they deserve what they get.

      Oh wait...

      (Apple, getting hacked Just Works!)

    25. Re:Does not compute... by shutdown -p now · · Score: 1

      Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles? It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles, while a similar (to my mind; feel free to put me right) approach to a phone is evil.

      It's fairly simple: game consoles have always been closed, very much so. Smartphones, on the other hand, for the most part, have been fairly open right until iPhone.

      So it's the same thing from a purely ideological/philosophical standpoint, but a lot of people care more about the pragmatical side of things. If my new phone is suddenly less featured than my old phone due to newly added restrictions, you can be sure I'll make a note of that. Not because of innate love of all things open, but because I've got used to the benefits of having an open platform. There was no opportunity for that on consoles.

      (that said, many PC gamers do shun consoles for being overly locked-down in many ways)

    26. Re:Does not compute... by Kalidor · · Score: 1

      I think there is also a question of difference of levels. Take, for instance the PSP. A device that is semi customizable.

      Sony tries to make sure it stays within a certain standard but there are ways to run arbitrary code and cook new software and firmware for it. Some of the methods are trivial, others are not. Overall, when you look at the entire scope of what can be done to the device, Sony is rather hands off. (Which is a surprise to me as I often lump Sony and Apple into similar categories.)

      With the iPhone, Apple tries to make it a tooth & nail fight for every inch.

      I guess to continue the analogy: the wall in Sony's garden is chicken wire, and the wall in Apple's garden is 3 meter thick unobtainium. The former is more of a suggestion and people are more easy going with that.

      --

      Code softly but carry a big magnet.

    27. Re:Does not compute... by toriver · · Score: 1

      Remember that the focus probably would have been on the U.S. market, where Nokia almost are "Noki-what?".

    28. Re:Does not compute... by Kielistic · · Score: 1

      Game consoles aren't marketed as general purpose computing devices. Except maybe the PS3, and there was a large outcry when that was removed.

    29. Re:Does not compute... by h00manist · · Score: 1

      Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles? It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles, while a similar (to my mind; feel free to put me right) approach to a phone is evil.

      As for the exploit that makes this jailbreaking possible, I sympathize with people who wish to jailbreak their phone, but I hope this particular exploit is closed as soon as possible. I've heard there are some unscrupulous types in tha intarweb who might consider using such a thing for less than altruistic purposes.

      OK, maybe a touch of sarcasm after all.

      I believe that would be qualified as light irony, and good-humored - not sarcasm. I think irony is more positive, honest and humorous, while sarcasm is more critical and degrading, and welcome by most of the audience, unless against their interests of course. Good irony is sometimes hard to be funny without becoming negative or offensive. If more were to speak like that...

      --
      Build your own energy sources from scratch. http://otherpower.com/
  3. I hear differently from Users by longhairedgnome · · Score: 1

    Apple doesn't get virii like PCs.

    --
    GENERATION O98346: The first time you see this, copy it into your sig and remove a random number from the generation. T
    1. Re:I hear differently from Users by Kitkoan · · Score: 0, Flamebait

      Of course not, Apple gets security risks right out of the box so you don't have to do it yourself. A weak security Flash player is built into every copy of OSX so you too can worry about security.

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    2. Re:I hear differently from Users by sumdumass · · Score: 0, Flamebait

      You're right, because in Apple, it's a feature right? Well, at least a feature that allows its customers to do what they want.

      Oh hell, I never should have taken the bait.

    3. Re:I hear differently from Users by alangerow · · Score: 1

      Because people don't have to bother writing a virus to get access to Apple's products. Apple's programmers are more than good enough at leaving them backdoors all over the place. That's why it's not like PCs ... just like everything else at Apple, it's easier!

    4. Re:I hear differently from Users by h00manist · · Score: 1

      You mean they never get detected, right? Iphone virii are *much* better written. The data stolen is worth much more.

      --
      Build your own energy sources from scratch. http://otherpower.com/
    5. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      It's the plural of virus.

    6. Re:I hear differently from Users by longhairedgnome · · Score: 1

      o rly?

      --
      GENERATION O98346: The first time you see this, copy it into your sig and remove a random number from the generation. T
    7. Re:I hear differently from Users by Lunix Nutcase · · Score: 1

      Yes.

      1) Virus has no plural form in Latin and as such viruses is the most accurate pluralization in English.
      2) The only way virii would be correct is if virus was a masculine second declension term which it is not.

    8. Re:I hear differently from Users by gringer · · Score: 1, Redundant

      It's the plural of virus

      Er, did you read the page you linked to?

      The plural virii, though common, is often considered to be incorrect, and based on a misunderstanding of Latin. There is no plural for the Latin word virus; using the native English pluralisation rules, to yield viruses, would arguably then be most correct.

      --
      Ask me about repetitive DNA
    9. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      Glad you caught the bait..

      You = a moron who fails trolling 101...

    10. Re:I hear differently from Users by afidel · · Score: 1

      English is not Latin and the rule in English is if it's in common usage and not against a "classic" grammar rule then it's correct. English has no formal rules for conjugation so if enough people choose to use a given form then it's correct.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    11. Re:I hear differently from Users by B1oodAnge1 · · Score: 1

      The only way virii would be correct is if virus was a masculine second declension term which it is not.

      Sadly also true of penii :-(

      --
      RUGBYRUGBYRUGBY
    12. Re:I hear differently from Users by Jeremi · · Score: 1

      A weak security Flash player is built into every copy of OSX so you too can worry about security.

      Apple excludes Flash from iOS, and people bitch. Apple includes Flash as part of MacOS/X, and people bitch. They can't win.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    13. Re:I hear differently from Users by Kitkoan · · Score: 1

      It's more like just pick a stance, not say yes on one (OSX) and then turn around and declare it the devil on the other (iOS).

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    14. Re:I hear differently from Users by mattack2 · · Score: 1

      No formal rules for pluralization? (I presume you meant pluralization rather than conjugation.)

      To pluralize:

      if HasSpecialPluralization(word) // e.g. vortex -> vortices; antenna -> antennae
          DoThatSpecialPluralization(word)
      else if last_char_of_word(word) == "s"
          add "es"
      else
          add "s"

    15. Re:I hear differently from Users by icebraining · · Score: 2, Insightful

      What about not including it by default, but not banning it either, and letting people install it if they choose to?

    16. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      You = a moron who failed elementary school grammar

      FTFY

    17. Re:I hear differently from Users by MechaStreisand · · Score: 3, Insightful

      Regarding 2), I think that would only be correct if virius was that masculine etc etc. But since everyone is talking about viruses, not viriuses, the term "virii" is pure retardation.

      --
      Disclaimer: IANAL. This post is, however, legal advice, and creates an attorney-client relationship.
    18. Re:I hear differently from Users by Barsteward · · Score: 1

      "Hoist with your own petard" seems a deserving comment for Apple

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
    19. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      They tried that, long ago. Just about every Safari user wanted it. So they negotiated with Adobe to bring value to their platform.

      Flash on a phone won't bring value to the phone.

    20. Re:I hear differently from Users by teh kurisu · · Score: 1

      Flash for some... miniature American flags for others!

    21. Re:I hear differently from Users by Anonymous Coward · · Score: 1, Insightful

      True, I've never felt any added value being able to watch flash video on my Android during boring train commutes without having to worry about the site having converted it to work under HTML5, or being able to offer out of hours support to the client who has a Flex-based admin system without having to be near a PC... oh, wait!

    22. Re:I hear differently from Users by maxwell demon · · Score: 1

      What he probably meant is that the function pair HasSpecialPluralization/DoThatSpecialPluralization isn't formally specified. Especially that it's valid to have in HasSpecialPluralization:

      if word == "virus"
          true

      and in DoThatSpecialPluralization:

      if word == "virus"
          word <- "virii"

      --
      The Tao of math: The numbers you can count are not the real numbers.
    23. Re:I hear differently from Users by mdwh2 · · Score: 1

      This can happen eventually, but it doesn't mean that any misspelling, no matter how common, is correct. By your logic, there's no such thing as bad spelling, just so long as other people make the same mistake!

      What happened to saying "Oh yes, you're right. Thanks for correcting me"? Instead we now have people trying to claim that their misspelling is correct English, simply based on the claim that English is defined by how people write.

    24. Re:I hear differently from Users by afidel · · Score: 1

      Uh, it changed when we realized language is for communications and not for stuffy academics to tell us how we should and shouldn't communicate. If it's disambiguous what I mean when I say virii then the language has achieved its purpose, it has communicated my idea.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    25. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      You're an idiot.

    26. Re:I hear differently from Users by Anonymous Coward · · Score: 0

      Attention... all grammer nazi"s! Is there anything, wrong with: my post.

      Yes. That should be 'Is they're anything'

  4. This is really tiresome by Anonymous Coward · · Score: 2, Interesting

    Is it really so hard to write a document viewer that can not crash? These aren't small companies. We're talking about Apple, Adobe, Microsoft here. Can't they at least get the core functionality right? I'll settle for safe if getting it right is too much to ask for.

    1. Re:This is really tiresome by plover · · Score: 4, Funny

      I saw a brilliant slide at Blackhat last week that sums it up perfectly (same vendor, different product)

      Native Security Functionality of Adobe Flash

      [ This slide intentionally left blank ]

      --
      John
    2. Re:This is really tiresome by beelsebob · · Score: 2, Insightful

      In the computing world we live in, where performance is everything, and correctness merely nice to have, yes, yes it is that hard. Until we start using highly abstracted, highly statically checked languages, and implementing proofs that things like buffer overruns happen, this is the sad reality we live in.

    3. Re:This is really tiresome by ThePengwin · · Score: 1

      where performance is everything

      Someone needs to tell adobe this, their programs have been bloating up and become more unstable with each new iteration.

    4. Re:This is really tiresome by Anonymous Coward · · Score: 0

      Somehow your sig seems relevant...

    5. Re:This is really tiresome by Anonymous Coward · · Score: 0

      ADOBE had NOTHING to DO WITH THIS.

      I take comfort in the fact that you will spend an eternity in Hell for bearing false witness.

      The code that rendered this PDF was 100% Apple's.

    6. Re:This is really tiresome by Anonymous Coward · · Score: 0

      Except of course that this vulnerability is in APPLE's viewer.

    7. Re:This is really tiresome by Anonymous Coward · · Score: 0

      Yeah, THIS one isn't, but that one is. My initial comment wasn't about a particular bug. It was a rant about the general state of affairs. If the biggest software houses can't even write a PDF viewer that's failsafe, then perhaps we should stop using PDF and work with a really simple bitmap format. Thing is, I have a hunch that they would screw that up too.

    8. Re:This is really tiresome by wimvds · · Score: 1

      If the biggest software houses can't even write a PDF viewer that's failsafe, then perhaps we should stop using PDF and work with a really simple bitmap format. Thing is, I have a hunch that they would screw that up too.

      Well, actually they already screwed that up in the past, or don't you remember MS with its JPEG vulnerabilities (http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx)?

    9. Re:This is really tiresome by shutdown+-p+now · · Score: 1

      I'll settle for safe if getting it right is too much to ask for.

      According to statistics, the majority of exploits today are still, at their core, good old-fashioned buffer overruns.

      Writing everything in Java (or C#, or Go, or any other memory-safe language) would cut down the number of security vulnerabilities in half right away. So... would you settle for "slow" to get it right?

    10. Re:This is really tiresome by Anonymous Coward · · Score: 0

      Getting it right is more than writing unexploitable code, but yes, I would trade some performance for safety. I don't need PDFs to show in a fraction of a second, but I do need to know that my data is secure from PDF exploits rooting my computer. I still believe though that a big software house should be able to write bullet proof native code for core features like font rendering.

  5. Say it with me... by warrax_666 · · Score: 5, Funny

    It stands for PeDoFile.

    --
    HAND.
    1. Re:Say it with me... by ildon · · Score: 2, Funny

      Did you say Peter File?

    2. Re:Say it with me... by Anonymous Coward · · Score: 0

      His name is Peter File?

  6. Exploits and wikileaks by h00manist · · Score: 1

    So many exploits and spyware, you'd think more stuff would end up in wikileaks. I guess it all goes to various groups' private wikileaks, known as intelligence or something similar.

    --
    Build your own energy sources from scratch. http://otherpower.com/
    1. Re:Exploits and wikileaks by ThePengwin · · Score: 2, Insightful

      It's actually not hard to read the entire exploit yourself from the site. Change your browser's useragent to an iPhone-like string, and inspect the javascript on the page. I scoffed when I found the function that makes the url to the exploit file:

      // model and firmware are not defined in this excerpt
      function get_page() {
          return model == null ? null : ("/_/" + model + "_" + firmware + ".pdf");
      }

  7. It's a feature... by Anonymous Coward · · Score: 2, Insightful

    It's really funny to see how this is treated by the mass media. They make it sound like it's a feature...

    1. Re:It's a feature... by Darkness404 · · Score: 3, Insightful

      Really says a lot about Apple's policies if the mass media is treating this like a feature and a good thing to be able to jailbreak it.

      --
      Taxation is legalized theft, no more, no less.
    2. Re:It's a feature... by zuperduperman · · Score: 5, Insightful

      I looked at the web page for my local newspaper today and it featured two headlines right above one another:

      1. iPhone4 Jailbreak Offers Apps to Millions
      2. Microsoft Windows Flaw Leaves Millions Vulnerable to Hackers and Malware

      I guess we always knew that mass media lives well inside the reality distortion field, but still ...

    3. Re:It's a feature... by vijayiyer · · Score: 4, Insightful

      It says nothing about Apple's policies and everything about the mass media.

    4. Re:It's a feature... by Anonymous Coward · · Score: 1, Interesting

      Really says a lot about Apple's advertising budget if the mass media is treating this as a feature and not freaking out that every iPad and iPhone in the world is currently vulnerable to the kind of drive-by malware that turned Internet Explorer into a laughing-stock.

    5. Re:It's a feature... by Idbar · · Score: 2, Insightful

      And as soon as this is treated as an exploit, don't doubt Jobs will come out to blame it on Adobe as the evil company.

    6. Re:It's a feature... by Anonymous Coward · · Score: 0

      Keep in mind that, in reality, this is entirely Apple's flaw as it's in their own PDF rendering code -- which has nothing to do with Adobe, was not originally written by Adobe, and has never been touched by Adobe.

    7. Re:It's a feature... by Anonymous Coward · · Score: 0

      well...

      Apple will patch this, eventually, then the mass media will say that Apple is being anticompetitive and "closed" for not allowing the jailbreak.

    8. Re:It's a feature... by Anonymous Coward · · Score: 0

      And as soon as this is treated as an exploit, don't doubt Jobs will come out to blame it on Adobe as the evil company.

      I believe Apple has implemented their own PDF rendering engine in iOS.

    9. Re:It's a feature... by Demonantis · · Score: 1

      I think Adobe would love to be treated that way. To be synonymous with a document format means anyone wishing to use it instantly wants to have the program you're pushing. PDF is not exclusive to Adobe. They probably get tonnes of sales just from people that want to make PDFs and don't realize a free program will meet their needs. It is like saying Windows is a PC.

    10. Re:It's a feature... by Anonymous Coward · · Score: 0

      Umm it is Adobe's fault.

      Other than Safari Mobile running as root...

    11. Re:It's a feature... by mcgrew · · Score: 1

      It says nothing about Apple's policies and everything about the mass media.

      Spell checkers are spoiling everything! Gees, one little typo and everybody copies the typo, like using the verb "loose" when you mean that other verb "lose". It isn't mass media, it's MESS media.

      Same thing with "fast food". Think about it -- how long do you stand in line at McDonald's or Burger King? You could go to a sit-down restaurant with waiters and have your food eaten before you'd reach the end of the line at McD. IT'S A TYPO! Have you seen the size of the cows that eat there? It's Fat's Food and "mess media" (which got its name "mess media" because they always get things wrong).

    12. Re:It's a feature... by Anonymous Coward · · Score: 0

      Adobe doesn't make the PDF viewer being used (thanks to Adobe opening up the format for all to use, royalty free, as they have with most other things). This exploit has nothing to do with Adobe.

      I don't doubt Jobs might still come out and blame Adobe anyway, though =P

  8. LOL by Spazntwich · · Score: 5, Funny

    "Just don't render it that way." - Adobe

    1. Re:LOL by Monkeedude1212 · · Score: 3, Interesting

      No the REAL LOL is the advertisement on this page.

      Vulnerability Management for Dummies

      Whatever Slashdot uses for its adserver, I applaud.

    2. Re:LOL by TheGratefulNet · · Score: 0

      funniest thing I've read in weeks. BRAVO!

      --
      "It is now safe to switch off your computer."
    3. Re:LOL by deniable · · Score: 1

      You're rooting it wrong. Yes, I am an Australian.

    4. Re:LOL by c++0xFF · · Score: 1

      You, sir, just made me turn advertisements back on.

      Slashdot thanks you.

  9. remote exploit by jewishbaconzombies · · Score: 1

    Soooo all .pdf exploits install Cydia? How considerate. I thought only jailbreakers did that.

    I love how using Apple products makes everything so easy - Cydia for everyone! Thanks!

  10. Not a virus by SuperKendall · · Score: 4, Informative

    Macs (and the iPhone) do not yet have any active viruses in the wild.

    It does not mean they cannot get them; there just are none.

    This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).

    In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

    So there is in fact a known exploit (this PDF bug) and one instance of something that exercises it. Very likely Apple will have this patched in pretty short order - what is really interesting to see is if there will be any "real" (read: malignant) exploits. My guess is probably not, since mobile platforms do not make great zombie systems to control the way desktops do.

    If it were a real virus vector the story would be different as the lure of quickly taking over millions of devices would be very strong...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Not a virus by Anonymous Coward · · Score: 0

      what is really interesting to see is if there will be any "real" (read: malignant) exploits. My guess is probably not, since mobile platforms do not make great zombie systems to control the way desktops do.

      If it were a real virus vector the story would be different as the lure of quickly taking over millions of devices would be very strong...

      Why not? They make great attack drones that are reasonably difficult to trace.

    2. Re:Not a virus by WrongSizeGlass · · Score: 1, Insightful

      In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

      If you consider jailbreaking the iPhone a favor to the user. The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices. When I posted the 'browser jailbreak' story the other day I included this (which was not included in the version that was posted by the editor):

      The ability to modify iOS simply by visiting a website leaves these iDevices vulnerable to all sorts of malicious possibilities. I'd bet the ranch that Apple isn't the only one analyzing the website in order to diagnose this major security hole ... so are those with more nefarious intentions.

      The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own". Clearly it's Apple's responsibility to fix this ASAP (and their fault for letting it get into customers' hands), so they better get on it before someone else starts turning things into iP0wns.

    3. Re:Not a virus by fuzzyfuzzyfungus · · Score: 2, Insightful

      This actually illustrates what is perhaps the great security downside of locked-down systems.

      Unlike open systems, they do largely prevent users from doing stupid stuff. However, because some percentage of users wish to escape the controls(which are never entirely benevolent, the temptation to rent-seek is just too strong), those users and the platform vendor become adversaries.

      On an open system, the incentives of the user and the platform vendor are aligned: both want it to be as secure as possible. In a closed system, some percentage of the users actively depend on the existence of vulnerabilities, and wish to prolong that existence as much as possible, in order to secure their freedom from the platform vendor's control.

      This is, of course, in addition to black hats, who have an equal desire for the existence of unknown security flaws on both closed and open platforms.

    4. Re:Not a virus by ThePengwin · · Score: 2, Insightful

      They are not connected to the internet as much, and their bandwidth is not as great as most drone computers.
      Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.

      They would be fantastic for data mining, and fraud, but as part of a botnet they just don't have the resources a good ol' desktop has.

    5. Re:Not a virus by morgan_greywolf · · Score: 2

      It's not really a trojan, either. Gruber is as much a moron as Dvorak. This is simply doing something the user wants done.

      Could it be a virus vector? Anything that allows the user to install and run code is a virus vector, since any running code is a potential virus, especially if it can do so without the user's knowledge, but there are cases where even software that's installed with the user's knowledge can become a virus or infection vector -- that's a hybrid trojan/virus.

      And iPhones are a GREAT target for virus writers. Mobility, Bluetooth, WiFi, what's not to like?

    6. Re:Not a virus by DragonWriter · · Score: 1

      This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).

      In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

      Actually, it advertises itself to the user as a jailbreak, even if the OS feature it exploits to perform that function is the PDF reader, so it's not malware at all (at least, based on any current information about what it does). OTOH, it uses a massive security hole that could be used by malware.

    7. Re:Not a virus by interkin3tic · · Score: 1

      In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...

      Benware? Beneware? Goodware?

    8. Re:Not a virus by Monkeedude1212 · · Score: 3, Informative

      If you don't consider a WORM a virus - then there isn't much in lines for Windows Viruses either these days. Almost everything else could be classified as trojan, worm, spyware, or other non-virus malware. I haven't had to clean a virus in a LONG time.

    9. Re:Not a virus by cbhacking · · Score: 1

      For sufficiently loose definitions of "virus" (i.e. any malware, which is what most users mean) there actually is some in the wild at present.

      http://www.intego.com/news/osx-opinionspy-spyware-installed-by-freely-distributed-mac-applications.asp
      http://blog.intego.com/2009/06/19/new-rsplug-trojan-horse-variant-found-on-game-sites/

      Found that in a casual glance down a completely unrelated story (on browser privacy). Is there any malware that is actively exploiting a genuine 0-day in OS X at present? I don't know, but I wouldn't count the possibility out.

      --
      There's no place I could be, since I've found Serenity...
    10. Re:Not a virus by ekhben · · Score: 1

      Macs (and the iPhone) do not yet have any active viruses in the wild.

      True, that. No self-replicating agents that infect host applications for iPhone or Mac.

      But there are self-replicating agents that survive independent of host applications for the iPhone. The rickroll worm is still active and scanning network ranges frequently enough that you probably want to turn off 3G while you install sshd, so you have time to change the root password. And there's a more malicious but less common strain seen in the Netherlands that lifts banking credentials.

      The particular vulnerability used by the jailbreak team is the type that's very commonly used to add a Windows host to a botnet, by injecting a malicious PDF or Flash object into an advertising network or through a hosted web exploit of some kind. It's disturbing to think that my iPhone could be added to a botnet by visiting a web site. It'd be pretty expensive to have my 3G connection flooded by spam delivery or a DoS attack. While I support the notion of jailbreaking, this is one hole I hope is closed very soon.

      I also wonder if this problem applies to the Mac PDF software. Not necessarily true, different architectures and all, but possible.

    11. Re:Not a virus by nurb432 · · Score: 1

      While it's true there are (almost) no viruses in the wild for OSX/etc it's not just due to the fact there aren't many yet, as in reality the systems are inherently more secure out of the box and (as this shows) the major security flaw with them is still the user.

      Userland Trojans aren't worth much so there isn't a lot of incentive to go after them. The windows world you are more able to get past userland and into the system itself, so the value is much higher.

      --
      ---- Booth was a patriot ----
    12. Re:Not a virus by Anonymous Coward · · Score: 0

      You are a disgusting person. I hope to God that Adobe subpoenas Slashdot's user records and sues you.

      ADOBE HAD NOTHING TO DO WITH THIS. I'm sorry you're in love with Steve Jobs. You are a mentally unstable homosexual

    13. Re:Not a virus by Anonymous Coward · · Score: 0

      Also, in my experience, people's computers can run like absolute ass and they won't even notice, but if their phone starts responding kind of slowly when they hang up a call, or they don't get a full day of battery out of it? Straight to the Apple Store to get it fixed.

    14. Re:Not a virus by Anonymous Coward · · Score: 0

      Hey, douche bag, did ya' notice he corrected himself in the post directly above your post?? Why don't you print out his posts and send them directly to Adobe to speed up the legal process? Don't forget to include your post just so they know someone with your AC cred called him on it.

    15. Re:Not a virus by Anonymous Coward · · Score: 0

      ( as this shows ) the major security flaw with them is still the user.

      How was this the user's fault? Does Apple warn against opening PDFs?

      Userland Trojans aren't worth much so there isn't a lot of incentive to go after them.

      That's 100% bollocks. Practically everything a trojan might want to do is doable as a normal user.

      Btw, you may want to look up "userland", I don't think it means what you think it means -- or at least the sentence makes even less sense when interpreted properly.

    16. Re:Not a virus by Cee · · Score: 1

      This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).

      I wouldn't say it's a trojan. A trojan tricks the user into running some code which does something nasty the user doesn't expect. The user expects that his phone will be jailbroken, not that a PDF is displayed. After all, the web page says "this will jailbreak your Iphone". It doesn't matter what kind of exploit is used.

    17. Re:Not a virus by juasko · · Score: 0

      The very first virus written on an Apple II also did the user a favor...

    18. Re:Not a virus by juasko · · Score: 0

      not connected, hey we're talking iphone here aren't we?

      I would understand u if u said Nokia, SE, Samsung, Motorola or even RIM but hey this is not even Android it's iPhone which pretty much is connected when needed, which is basically constantly.

    19. Re:Not a virus by juasko · · Score: 0

      lol anti apple fanboyism has always been greater than apple fanboyism

      ur a perfect example of it, just as antennagate is.

    20. Re:Not a virus by juasko · · Score: 0

      This exploit can be used without tricks, enough for an ad banner on a commonly used webpage to utilise this. The user would not even notice.

      So Virus is not correct as it won't replicate itself, but a trojan it's not as a trojan will require user action for install. This only requires the user browsing a page with the exploit.

      I'm not sure what the definition of a worm is but maybe this falls into that category.

    21. Re:Not a virus by catmistake · · Score: 1

      Macs (and the iPhone) do not yet have any active viruses in the wild.

      And it may never happen. UNIX has been around for a while, much longer than, say, Windows. The attack vector in Windows is far wider and far more inviting. There are UNIX virii, and have been for decades, but mostly they are proof of concept for research. Those that say it's only a matter of time before Apple and OS X are hopelessly infected as most networked Winboxes are fail to see that it's very difficult for viruses on UNIX and UNIX-like systems to gain a foothold... and it's not going to get any easier for them to do so.

    22. Re:Not a virus by catmistake · · Score: 1

      And iPhones are a GREAT target for virus writers. Mobility, Bluetooth, WiFi, what's not to like?

      UNIX. For whatever reason, historically, the only virus authors for UNIX-type systems seem to do it for the sake of research and not destruction. Also, it's a very small target compared to the bullseye on other, non-UNIX-like systems. Do you often reach over the dollar to pick up the dime? Why should virus authors be any different?

    23. Re:Not a virus by Anonymous Coward · · Score: 0

      I think you're missing the point that it's a root level exploit that can be delivered via something as innocuous as a PDF file. Sure the exploit is being used in this instance to deliver code most of the users visiting the site actually want (although I'd be interested to hear Apple's position on the warranty of people who visited the site out of curiosity and didn't necessarily want the jailbreak), but that doesn't mean the exploit itself is in any way a good thing to go unpatched.

    24. Re:Not a virus by Pvt_Ryan · · Score: 1

      Indeed, and unlike PCs they are almost always guaranteed to be on.

    25. Re:Not a virus by morgan_greywolf · · Score: 1

      At the current rate of smartphone/tablet adoption, it won't be long before iOS and Android-based devices become prime targets. Symbian phones have already been getting virii for years.

    26. Re:Not a virus by morgan_greywolf · · Score: 1

      I think you didn't read my entire post before you replied to it.

    27. Re:Not a virus by Skuld-Chan · · Score: 1

      What is to stop a website from putting a pdf inline as to infect unknowing users?

      The other big question - Safari runs at a permission level to allow one to remotely change operating system permissions? It's inherently insecure and is just waiting for a wave of exploits to come down the pipeline (or black hats have already exploited it and we just don't know it yet) from some other bug not related to PDF.

    28. Re:Not a virus by mcgrew · · Score: 1

      MS is getting better, Adobe is getting worse. Has Adobe surpassed Microsoft as "the company who writes shitty, exploitable software and doesn't care about users' security"? I almost like Windows 7 (almost).

      GODDAMN BIG FUCKING HUBRISTIC CORPORATE SCUMBAGS! LEARN TO FUCKING PROGRAM, you incompetent assholes!

      Sorry, didn't mean to rant but I'm getting tired of this shit. A fucking document viewer should not have any "features" that allow it to have security holes. WTF are these goddamned idiots thinking, anyway? Or are they even thinking at all?

    29. Re:Not a virus by Anonymous Coward · · Score: 0

      Prove that there aren't any malware / viruses in the wild, especially for the phone. Do you have a process viewer? Do you have some heuristic software detecting malignant behaviours?

      People are intentionally visiting a site that completely cracks open the entire operating system's protections that were *NEEDED* because users are provided little to no information as to what the app was doing (i.e. same problem as a regular computer as defined by today). A jailbroken phone has full access to the file system, and there ALREADY ARE VIRUSES / MALWARE for jailbroken users.

      A quick "i'm feeling lucky" google nets me: http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html

      Mobile systems should be a juicy target for malware writers because:
      - Difficult to remove, since most phones by default won't provide low-level tools and there's no way short of factory-reset to get it out. (With a desktop, you have a chance to remove it if you know what you're doing with registry edits, startup script changes, etc.)
      - Mobile phones are almost always on, unlike desktops which are typically shut down when not in use.
      - People like you think that it's unlikely for a virus / spyware to make it on to a phone or the phone is not a regular computer and can't get malware / spyware, so they don't consider it. (Meanwhile their location is being logged and reported back to a particular company right now, even without a jailbroken phone... just for looking at ads.)
      - Not only do you have CPU / internet resources of a desktop, you could easily make a real-life phone / SMS based DoS on someone / some company.

      Stop drinking the kool-aid, and stop spreading your ignorance.

    30. Re:Not a virus by ekhben · · Score: 1

      Feel free to adjust the original statement to "Macs (and the non-jailbroken iPhone) do not yet have any active viruses in the wild." I don't mind, I'm not here to attack or defend the iPhone.

      I do find it interesting that a worm with limited scope and no stealthiness is still sufficiently active to attack new targets inside a short window of opportunity. One might say it's active in the wild, even :-)

    31. Re:Not a virus by catmistake · · Score: 1

      Again, there are unix viruses... like that famous worm in 1988. But, geez, why hasn't it been all downhill for UNIX since? Because UNIX doesn't suck.

    32. Re:Not a virus by catmistake · · Score: 1

      It doesn't matter that they are targeted, even if there are billions of devices to target, the target is still smaller than a less secure OS, and the OS of choice for virus authors. They are not pioneers. They don't climb mountains just because they're there. They climb the easiest mountain, not the most numerous.

    33. Re:Not a virus by juasko · · Score: 0

      (-1 Troll) because an open system actually can be rootkited....

  11. Jailbreak WARNING!!! by daveywest · · Score: 3, Informative

    Everyone's so excited about how easy this jailbreak is, the tech blogs are neglecting to report the problems with the current jailbreaks. Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch. This is a known bug that's been in public knowledge for weeks, yet I've seen no tech blogs reporting the problems. Frankly, this jailbreak created more problems than solutions.

    1. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 5, Funny

      BREAKING NEWS!

      Your attention please. We have a very important announcement to make. Listen carefully, because what we have to say MAY SAVE YOUR LIFE!

      Today's top story: Hacks can have unintended consequences.

      That is all.

    2. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 0

      Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch.

      Really? Homescreen bookmarks don't work anymore? I did this jailbreak yesterday on my iPhone 4 and the existing homescreen bookmarks I have work and I was able to create new ones and they work just fine. Not that I haven't had a few nagging issues but that sure wasn't one of them. And Engadget reported the problems with MMS and FaceTime before they were fixed. Just sayin'...

    3. Re:Jailbreak WARNING!!! by slimjim8094 · · Score: 1

      You must have bad luck. Neither I, nor anybody I know with jailbroken phones, has any bookmark issues. I have heard of MMS and FaceTime issues, but I don't really use either.

      Frankly, though, the jailbreaks are less necessary for me than they were on 2.0/3.0. Multitasking, copy/paste, Bluetooth keyboards etc are all built in now, and done better than the unofficial apps (as professional as they are). I was browsing through Cydia the other day and while I installed the usual MobileTerminal, ssh, etc - that I didn't really need any of the stuff I'd had. I'll keep it jailbroken for now, since I'm developing a GPS utility that doesn't work properly in the simulator, and I want to finish it before I spend the $99. But I'm - for the first time - not too worried about losing the jailbreak from a practical standpoint.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    4. Re:Jailbreak WARNING!!! by exomondo · · Score: 1

      Everyone's so excited about how easy this jailbreak is, the tech blogs are neglecting to report the problems with the current jailbreaks. Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch.

      What other problems are there? Facetime and mms were fixed and i haven't seen your issue crop up on any of my friends' devices.

    5. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 0

      Works fine for me on my "exploited" iPhone4

    6. Re:Jailbreak WARNING!!! by wkearney99 · · Score: 0

      What created the problems was Apple's asinine censorship policies.

      Did they learn nothing in the past decade? View exploits were a fun way to get the Newton to do some tricks too.

    7. Re:Jailbreak WARNING!!! by djrobxx · · Score: 1

      I haven't had a single problem with this jailbreak. I have no problems with home screen bookmarks (or MMSes, or Facetime). The only reported issue I see are some tiny graphical specs on the Apple logo at boot time.

    8. Re:Jailbreak WARNING!!! by saurik · · Score: 1

      This bug has been known for so long, in fact, that it was fixed weeks ago in a newer release of redsn0w/PwnageTool, and this issue does not and never occurred with the jailbreak in question here (jailbreakme.com). Please stop redistributing obsolete rumors and lies as if they were facts.

    9. Re:Jailbreak WARNING!!! by saurik · · Score: 1

      That guy was incorrect: that bug never occurred with this jailbreak, and has been long fixed on the one that did cause it.

    10. Re:Jailbreak WARNING!!! by crossmr · · Score: 1

      Actually the bigger problem is that my banking apps no longer function. I finally jail broke my ipod touch, but then immediately restored it because I couldn't use my banking app. Far too useful to give up.

    11. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 0

      You haven't tested the new jailbreak. You are misinforming the public.

      It's true that for PwnageTool and redsn0w, an interim patch was created that did not have correct behavior, but those were just releases to tide everyone over until a new exploit can be created. A proper patch (made by me) that does the correct thing is in the jailbreak delivered by jailbreakme.com.

      Love, planetbeing.

    12. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 0

      Let's hope it's not a bunch of worms.

    13. Re:Jailbreak WARNING!!! by Anonymous Coward · · Score: 0

      Homescreen bookmarks no longer work on any iOS 4 devices after applying this patch.

      I disagree with that statement. I just created a home screen bookmark on my jailbroken iPhone 3GS running 4.0.1.

    14. Re:Jailbreak WARNING!!! by TechCon2821 · · Score: 1

      Say it ain't so!!!

  12. GSview by tepples · · Score: 2, Informative

    PostScript files may not render on certain devices, such as non-PostScript printers.

    Any printer can be used as a PostScript printer if the PC connected to it is running an implementation of the PostScript language, which converts a PostScript file to a bitmap image. See GSview.

    1. Re:GSview by TomXP411 · · Score: 1

      Yeah, I regretted that particular turn of phrase as soon as I said it. :-) I got sidetracked while writing up the post, and I keep forgetting that /. doesn't have an Edit button.

      Actually, it's kind of weird that one of the most frequented sites on the web doesn't have better commenting and editing capabilities...

  13. PDF? by Exitar · · Score: 1, Insightful

    It's Adobe's revenge!

    1. Re:PDF? by clone53421 · · Score: 1

      No. Didn’t you read TFS? The PDF renderer is a native part of OS X. Adobe had nothing to do with it.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:PDF? by cbhacking · · Score: 5, Informative

      Not only is it native, it's really, really insecure. A security researcher named Charlie Miller wrote a 5-line Python script to generate fuzzed (slightly corrupted) PDF files from valid templates. He created roughly 2.8 million of these, and then ran them through Apple's Preview program, and through Adobe Reader. His findings:

      0.09% crash rate on Reader, and 4 exploitable bugs found.
      5.6% crash rate (52x as many), and 61 exploitable bugs found (15x as many).
      When your security is more than an order of magnitude worse than Adobe's, you've got a major problem.

      By the way, this is the guy who won an iPhone at Pwn2Own. He's presented at CanSecWest and Blackhat, and possibly elsewhere. He knows his stuff.

      --
      There's no place I could be, since I've found Serenity...
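The kind of template-mutation fuzzing the comment above describes, as an added example rather than Charlie Miller's script or anything from the thread: it corrupts a few bytes of a valid file, feeds each variant to a parser, and reports the crash rate for a parser that trusts length fields and for one that checks them. The `TDOC` format, both parsers and the template are constructed for illustration.

```python
import random
import struct

MAGIC = b"TDOC"          # constructed toy format, standing in for a real document type
MAX_PAYLOAD = 64         # size of the parser's fixed scratch buffer


class ParseError(Exception):
    """Input was recognised as malformed and rejected cleanly."""


def build_template():
    """A valid sample file: magic, then [type:1][length:2 big-endian][payload] records."""
    records = [(1, b"Hello"), (2, bytes(range(32))), (1, b"World")]
    body = b"".join(struct.pack(">BH", t, len(p)) + p for t, p in records)
    return MAGIC + body


def naive_parse(data):
    """Trusts every length field, the way an unvalidating parser does."""
    if data[:4] != MAGIC:
        raise ParseError("bad magic")
    pos, records = 4, []
    while pos < len(data):
        rtype, length = struct.unpack_from(">BH", data, pos)  # struct.error if header is cut off
        pos += 3
        buf = bytearray(MAX_PAYLOAD)
        for i in range(length):
            buf[i] = data[pos + i]   # IndexError: Python's stand-in for an out-of-bounds access
        records.append((rtype, bytes(buf[:length])))
        pos += length
    return records


def checked_parse(data):
    """Same format, but every field is validated before it is used."""
    if len(data) < 4 or data[:4] != MAGIC:
        raise ParseError("bad magic")
    pos, records = 4, []
    while pos < len(data):
        if len(data) - pos < 3:
            raise ParseError("truncated record header")
        rtype, length = struct.unpack_from(">BH", data, pos)
        pos += 3
        if rtype not in (1, 2):
            raise ParseError("unknown record type")
        if length > MAX_PAYLOAD or length > len(data) - pos:
            raise ParseError("record length out of bounds")
        records.append((rtype, data[pos:pos + length]))
        pos += length
    return records


def mutate(template, rng, max_flips=3):
    """Overwrite one to max_flips randomly chosen bytes with random values."""
    data = bytearray(template)
    for _ in range(rng.randint(1, max_flips)):
        data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)


def fuzz(parser, template, iterations=2000, seed=1):
    """Run mutated inputs through parser; any exception other than ParseError is a crash."""
    rng = random.Random(seed)            # seeded so a run can be reproduced
    stats = {"accepted": 0, "rejected": 0, "crashed": 0}
    buckets = {}                         # one sample input per distinct crash type
    for _ in range(iterations):
        sample = mutate(template, rng)
        try:
            parser(sample)
            stats["accepted"] += 1
        except ParseError:
            stats["rejected"] += 1
        except Exception as exc:
            stats["crashed"] += 1
            buckets.setdefault(type(exc).__name__, sample)
    stats["crash_rate"] = stats["crashed"] / iterations
    stats["buckets"] = buckets
    return stats


if __name__ == "__main__":
    template = build_template()
    for parser in (naive_parse, checked_parse):
        result = fuzz(parser, template)
        print(parser.__name__, "crash rate: %.2f%%" % (100 * result["crash_rate"]),
              "crash types:", sorted(result["buckets"]))
```

The saved sample in each bucket is what a tester would replay under a debugger to find the unchecked field.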
    3. Re:PDF? by cbhacking · · Score: 3, Informative

      (Sorry to reply to myself, but the second line - the 5.6% crash rate and 61 exploitable bugs - is in Apple's Preview app.) I also got the factor wrong (it's closer to 60x as many crashes). Sorry, I really need to stop posting on /. at work; I'm too distracted to double-check before hitting Submit.

      --
      There's no place I could be, since I've found Serenity...
    4. Re:PDF? by toadlife · · Score: 1

      When your security is more than an order of magnitude worse than Adobe's, you've got a major problem.

      Now imagine if 85% of the world's desktop computers ran OSX.

      --
      I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
    5. Re:PDF? by tehcyder · · Score: 1

      When your security is more than an order of magnitude worse than Adobe's, you've got a major problem.

      Wait a minute, are you saying that we now have to like Adobe and hate Apple?!
      I feel a great disturbance in the SlashForce, as if millions of geeks suddenly cried out in confusion and were suddenly silenced as their heads exploded.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    6. Re:PDF? by betterunixthanunix · · Score: 1

      Note that he did not say we have to like Adobe -- he said if you are worse than Adobe, you definitely have a problem. We can safely hate both Apple and Adobe, a fairly routine day on /.

      --
      Palm trees and 8
    7. Re:PDF? by shutdown+-p+now · · Score: 1

      Ironically, Microsoft actually uses fuzz testing to test for security problems in its products.

  14. The new jailbreak is amazing by mewsenews · · Score: 3, Informative

    I came into the office this morning and noticed that a forums thread I monitor on jailbreaking had exploded over my long weekend. I checked the iPhone dev team blog and they explained that there is a new jailbreak that you can visit with the browser on your phone.

    I navigated to the page on my phone and it said "swipe here to jailbreak".

    I swiped.

    It took about 5 minutes to jailbreak my phone and install the Cydia unofficial app store.

    Simply amazing work. Once I had Cydia I installed ultrasn0w from the repository and now my phone is carrier unlocked.

    Great job, hackers!

    1. Re:The new jailbreak is amazing by roman_mir · · Score: 5, Insightful

      Yes, excellent job. Now you just ran an app on your hand held computer that rooted it from a browser. Amazing work of the hackers aside, are you certain you now know for sure your phone is not spying on you and is not going to be used for something you do not want, like someone else using your connection for long distance calls or for spam or DDOS attacks or just a part of some cellular botnet?

      Amazing job - someone rooting your phone through a PDF.

    2. Re:The new jailbreak is amazing by Darkness404 · · Score: 0, Redundant

      As opposed to running a nearly entirely closed system on your phone with a network who has helped the NSA on multiple occasions on warrantless wiretaps?

      Let's face it, the "hackers" most likely are going to be better than a power-hungry corporation which assists the government whenever possible.

      --
      Taxation is legalized theft, no more, no less.
    3. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 5, Insightful

      Pardon my language, but, what the fuck?

      If my web browser is such that browsing to a page can lead to code execution as root, that's bad. I don't care if the system is open or closed or what government agency might be listening in, it is a serious vulnerability any way you slice it. It should be patched.

      Your comment is entirely irrelevant to the post it is replying to. You're phrasing it as a rebuttal of some kind, but it does not say anything to this point.

    4. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 0

      You know, you don't have to reserve all of your paranoia for the government. Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer? Do you realize that -- even if we think the absolute worst of our government, and all your fears are real -- the latter group is a superset of the former? Feel free to be paranoid, but try not to be stupid about it.

    5. Re:The new jailbreak is amazing by cbhacking · · Score: 2, Funny

      That's the Apple stance on kernel-level remote code execution exploits: It Just Works!

      --
      There's no place I could be, since I've found Serenity...
    6. Re:The new jailbreak is amazing by Fumbili · · Score: 0, Troll

      All your iPhone are belong to us!

    7. Re:The new jailbreak is amazing by roman_mir · · Score: 4, Insightful

      Your comment is ridiculous, yet moderated at +5 Insightful. If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.

      If you buy products from a company that does not release source code that is a different issue completely. Yes, a company can be providing governments with your information. No, it does not make it OK for the phone from that company to be exploitable the way iphone is.

    8. Re:The new jailbreak is amazing by lennier · · Score: 1

      Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer?

      Well, most completely anonymous people on the Internet don't, eg, have access to nuclear weapons and Navy SEALs.

      The US government does.

      Just sayin'.

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
    9. Re:The new jailbreak is amazing by jazzmans · · Score: 2, Informative

      Uhm, if you read on the jailbreak page, after the phone is jailbroken, and Cydia installed, they (the hackers who wrote the exploit) then fix the flaw in safari so that no more code can be run to root the phone.

      So, yes. It is a benefit, since there is obviously a serious flaw in the os & jailbreaking it fixes the flaw.

      Oh yeah, and no mms or bookmark issues for me either. It Just Works.

      jaz

      --
      Life is what happens to you while you are busy making other plans. No-one sees motorcycles
    10. Re:The new jailbreak is amazing by Jay+L · · Score: 1

      What?

      The iPhone is vulnerable to rooting attacks via its PDF handler by any web page. If and when someone writes a -malicious- exploit for that, wouldn't they just hide it in a page that gets LOTS more views, like porn? Why would they go to the trouble of putting it in a useful-but-geeky jailbreakme site?

    11. Re:The new jailbreak is amazing by pspahn · · Score: 1

      I went to the grocery store to buy some apples. I asked the clerk where the apples are, and he responded, "The gas station doesn't even have access to pumpkins!"

      --
      Someone flopped a steamer in the gene pool.
    12. Re:The new jailbreak is amazing by selven · · Score: 1

      If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.

      Agreed. So it would be better if this flaw was fixed. However, this flaw is currently not fixed and for the individual user running the exploit does not add the vulnerability, it just uses it.

    13. Re:The new jailbreak is amazing by Draek · · Score: 1

      As opposed to buying a phone that does not require a vulnerability the size of a small country to do what you need it to do in the first place.

      Besides, these kinds of vulnerabilities can be exploited by anybody, not just the 'good' hackers and the 'bad' hackers, but potentially the government you so fear as well. So no, unless the jailbreak fixes the vulnerability (I highly doubt it), you haven't gained any safety at all.

      --
      No problem is insoluble in all conceivable circumstances.
    14. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 0

      You are an idiot. Please don't post here anymore.

    15. Re:The new jailbreak is amazing by CharlyFoxtrot · · Score: 1

      As far as I'm concerned the dev-team is a trusted source. These guys are doing amazing work and have been for some time. They are hackers in the true sense of the word. BTW they also released a tool that will warn you when a PDF tries to load so it can no longer be done surreptitiously and you are at least aware of the risk when opening a file.

      --
      If all else fails, immortality can always be assured by spectacular error.
    16. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 0

      Are you certain you now know for sure your phone is not spying on you and is not going to be used for something you do not want, like someone else using your connection for long distance calls or for spam or DDOS attacks or just a part of some cellular botnet?

      And are you about your iPhone even if you don't visit jailbreakme.com?

      Ridiculous.

    17. Re:The new jailbreak is amazing by wannabgeek · · Score: 1

      Maybe he trusts the iPhoneDev team. Every time you install a program whose source you have not inspected, you're trusting the source. He's doing the same. How is it any different?

      --
      I'm much more funny, interesting and insightful than the moderators think
    18. Re:The new jailbreak is amazing by korpenkraxar · · Score: 1

      Damn! As with so many other aspects of Apple's user interfaces, the iPhone now also provides a really smooth rooting process.

    19. Re:The new jailbreak is amazing by korpenkraxar · · Score: 1

      A fine demonstration of apps in the cloud reaching maturity. Waiting for Android compatibility :-)

    20. Re:The new jailbreak is amazing by roman_mir · · Score: 1

      Ridiculous. I don't own an iphone.

    21. Re:The new jailbreak is amazing by jasonhamilton · · Score: 1

      In some of the previous versions of the web jailbreak, they would also patch the bug after jailbreaking.

      Not sure about the current jailbreak, but in the previous case, you were left with a more secure phone than with the firmware offered by apple.

      --
      SearchIRC - Now with live chat directory!
    22. Re:The new jailbreak is amazing by maxwell+demon · · Score: 1

      Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer?

      Well, most completely anonymous people on the Internet don't, eg, have access to nuclear weapons and Navy SEALs.

      The US government does.

      Just sayin'.

      On the other hand, the US government (or any other government, for that matter) wouldn't have much use for the amount of money I've got on my bank account (that amount is negligible compared to government budgets).

      Most completely anonymous people on the Internet would.

      Just sayin'.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    23. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 0

      Well I do agree with your main points, however I must point out that Safari has always sucked on pretty much every platform... So as long as iPhone users simply use Opera Mini they should theoretically be fine

    24. Re:The new jailbreak is amazing by mdwh2 · · Score: 0, Redundant

      And you know to trust a random web page?

      More generally, even if it's benign, it's still worrying that there's a gaping exploit out in the wild, where many people won't know to visit this web page. (It's also irresponsible of the media to spin this as a good thing; if it was Internet Explorer, there'd be no end of criticism about how bad it was.)

      It Just Works.

      Yes, getting your phone rooted by a web page certainly Just Works.

    25. Re:The new jailbreak is amazing by mdwh2 · · Score: 1

      I suspect that this site would have got massively more hits than any given individual pr0n web page, especially when we consider the large amounts of media coverage this has got (with the media spinning it as a good thing).

    26. Re:The new jailbreak is amazing by Anonymous Coward · · Score: 0

      Why would you go to a porn site to read PDFs? And who is to say the plan isn't to pretend to be a safe little geek site, get the good word out on sites like /. to massively increase traffic, then switch out the whitehat rootkit for one with some additional, unexpected payloads?

  15. Adobe Strikes Back! by agent_vee · · Score: 1

    Jobs has yet to slay the beast

    1. Re:Adobe Strikes Back! by Kitkoan · · Score: 1

      Jobs has yet to slay the beast

      Problem is for all of Jobs' complaining about Adobe (and more accurately Flash), Jobs seems to love Flash. While it's not on the iPhone, it is installed by default on every Mac and is the only major OS that does that. Windows, OpenSUSE, Ubuntu, these need you to go get Flash after you've installed the OS. OSX has it out of the box showing that Jobs does indeed feel a big love for Flash and feels it really is something that helps make a system feel "more complete" and ready for the mass market.

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    2. Re:Adobe Strikes Back! by fuzzyfuzzyfungus · · Score: 4, Insightful

      They may have stopped in later versions (my job description requires supporting XP, and you have to pay me to care about Windows, so that is where my knowledge lies); but MS included Flash in XP. It is version 6; because base XP is older than dirt; but they did include it.

      More relevant to modern readers, most OEMs seem to ship consumer-focused systems with vaguely up-to-date-but-just-a-bit-behind versions of Flash (and Acrobat Reader, and other stuff). This isn't strictly Microsoft's fault; but it is what you are likely to get out of the box.

    3. Re:Adobe Strikes Back! by yuhong · · Score: 1

      In fact, even 98 did, and I know this because I once installed 98.

    4. Re:Adobe Strikes Back! by zeroRenegade · · Score: 1

      The OS X compositor is based on their own implementation of the PDF specification inside of Quartz 2D. Which means, they use their own framework to render PDFs. Why would they use Acrobat Reader when their core graphical framework is built around PDFs? This has nothing to do with Adobe or Flash.

      Also, the PDF exploit was only the initial hack to upload their code. Somehow they managed to gain root access just from executing the payload data within the nested browser application. This worries me a lot more than the PDF browser exploit.

      Apple = Fail

    5. Re:Adobe Strikes Back! by netsharc · · Score: 1

      And incredibly for me, because I never use IE, I never updated my Flash for IE plugin, only noticing this problem when Google Earth (which uses the IE engine) couldn't display YouTube videos. So, ironically, using non-IE browsers and keeping the Flash plugin there up-to-date left me more vulnerable to an exploit (if I happen to use a program using the IE engine) -- if I had used IE I would've probably updated Flash sooner.

      So there's another hole to exploit: try to load Flash content linked from a Google Earth file, and hope the user has been using the good browsers that he didn't notice that his Flash for IE is outdated...

      --
      What time is it/will be over there? Check with my iPhone app!
  16. Duh... pointed out ages ago by Stoobalou · · Score: 0
    1. Re:Duh... pointed out ages ago by pclminion · · Score: 4, Informative

      Yeah, I always refer to stuff that happened earlier today as "ages ago."

  17. So what is it exactly? by UnknowingFool · · Score: 1

    It says that it's caused by a PDF vulnerability in iOS, but is it in Apple's PDF viewer or in PDF itself?

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
    1. Re:So what is it exactly? by wervr · · Score: 1

      obviously both

    2. Re:So what is it exactly? by DragonWriter · · Score: 1

      It says that it's caused by a PDF vulnerability in iOS, but is it in Apple's PDF viewer or in PDF itself?

      It's obviously in Apple's PDF viewer, whether or not it's a result of that viewer being a direct implementation of the spec.

      But I'll be surprised if anyone can point to anything in any version of the PDF spec which requires a conforming implementation to allow unrestricted access to the underlying OS. It may require that certain APIs be available, but I'd be very surprised if it didn't allow those APIs to return errors if code running in a PDF document attempted to use them in a way which would violate the basic integrity of the underlying OS.

    3. Re:So what is it exactly? by cbhacking · · Score: 5, Informative

      It's a bug in the font rendering component, which apparently lives in kernel space. PDFs are allowed to embed fonts, and apparently Preview doesn't verify the font data before tossing it to the renderer. Apparently the renderer doesn't verify it either, because instead of rejecting the data as invalid, it gives the attacker completely unrestricted control over the software.

      PDFs having embedded fonts is a very useful and entirely reasonable feature. It would help if Preview validated the fonts, but that's not entirely required (you could validate somewhere further down the pipeline, so long as you don't try to process the unvalidated data). There are several other ways to remotely load fonts, ranging from other document formats to the Web Open Font Format (http://www.w3.org/Submission/2010/03/) and some CSS in a web page. There's a decent chance that at least a few others are vulnerable to this exploit. However, there's been considerable research recently into Apple's PDF reader, with one researcher finding 60 different exploitable bugs in the software (though most of them probably aren't kernel). By comparison, the same testing data found three exploitable bugs in Adobe Reader.

      Having font rendering/rasterizing in the kernel is... not brilliant, but not inherently a critical security flaw. It's certainly possible to do in userland, and probably safer, but displaying text is something that almost every app will need to do at some point, and putting it in the kernel will minimize memory footprint and maximize performance. The real WTF here is that the data isn't being validated extremely carefully as soon as it enters the kernel, and possibly before. When kernel-mode code starts parsing unvalidated data, the best you can really hope for is that you get a kernel-mode crash and are forced to do a hard reboot (on Windows, this would be a BSOD).

      --
      There's no place I could be, since I've found Serenity...
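One way to validate embedded font data before it reaches a renderer, as the comment above recommends; this is an added example, not Apple's code or code from the thread. It assumes the embedded font is an sfnt (TrueType/OpenType) container, which the thread does not state, and the sample font and the `MAX_TABLES` limit are constructed.

```python
import struct

SFNT_VERSIONS = {b"\x00\x01\x00\x00", b"OTTO", b"true"}
MAX_TABLES = 64                      # assumed policy limit, not taken from a spec
HEADER = struct.Struct(">4sHHHH")    # version, numTables, searchRange, entrySelector, rangeShift
RECORD = struct.Struct(">4sIII")     # tag, checksum, offset, length


def table_checksum(payload):
    """Sum of big-endian 32-bit words over the zero-padded table, modulo 2**32."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    words = struct.unpack(">%dI" % (len(padded) // 4), padded)
    return sum(words) & 0xFFFFFFFF


def validate_sfnt(data):
    """Return a list of structural problems; an empty list means the container is sane."""
    if len(data) < HEADER.size:
        return ["truncated header"]
    errors = []
    version, num_tables, _, _, _ = HEADER.unpack_from(data, 0)
    if version not in SFNT_VERSIONS:
        errors.append("unknown sfnt version")
    if not 0 < num_tables <= MAX_TABLES:
        return errors + ["table count out of range"]
    dir_end = HEADER.size + RECORD.size * num_tables
    if dir_end > len(data):
        return errors + ["table directory runs past end of file"]

    seen, spans = set(), []
    for i in range(num_tables):
        tag, checksum, offset, length = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        name = tag.decode("latin-1")
        if not all(0x20 <= b <= 0x7E for b in tag):
            errors.append("table %d: non-printable tag" % i)
        if tag in seen:
            errors.append("%s: duplicate table" % name)
        seen.add(tag)
        # Offsets must point past the directory and be 4-byte aligned.
        if offset < dir_end or offset % 4:
            errors.append("%s: bad table offset" % name)
            continue
        # Compare against remaining bytes so offset + length can never wrap or overrun.
        if length > len(data) - offset:
            errors.append("%s: table data out of bounds" % name)
            continue
        spans.append((offset, offset + length, name))
        # 'head' is skipped: its checksum is defined with checkSumAdjustment zeroed.
        if tag != b"head" and table_checksum(data[offset:offset + length]) != checksum:
            errors.append("%s: checksum mismatch" % name)

    spans.sort()
    for (_, end_a, name_a), (start_b, _, name_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            errors.append("%s overlaps %s" % (name_b, name_a))
    return errors


def build_sfnt(tables):
    """Build a constructed, structurally valid container from (tag, payload) pairs."""
    offset = HEADER.size + RECORD.size * len(tables)
    directory, body = b"", b""
    for tag, payload in tables:
        directory += RECORD.pack(tag, table_checksum(payload), offset, len(payload))
        padded = payload + b"\x00" * (-len(payload) % 4)
        body += padded
        offset += len(padded)
    return HEADER.pack(b"\x00\x01\x00\x00", len(tables), 0, 0, 0) + directory + body


def with_table_length(font, index, new_length):
    """Return a copy of font whose directory entry `index` claims new_length bytes."""
    data = bytearray(font)
    struct.pack_into(">I", data, HEADER.size + index * RECORD.size + 12, new_length)
    return bytes(data)


if __name__ == "__main__":
    font = build_sfnt([(b"cmap", b"constructed cmap bytes"),
                       (b"glyf", b"constructed glyph data!")])
    print("valid font:   ", validate_sfnt(font))
    print("tampered font:", validate_sfnt(with_table_length(font, 0, 0xFFFFFFF0)))
```

A gate like this only establishes that the container is well formed; the contents of each table still need their own checks in whatever code parses them.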
    4. Re:So what is it exactly? by UnknowingFool · · Score: 1

      But I'll be surprised if anyone can point to anything in any version of the PDF spec which requires a conforming implementation to allow unrestricted access to the underlying OS. It may require that certain APIs be available, but I'd be very surprised if it didn't allow those APIs to return errors if code running in a PDF document attempted to use them in a way which would violate the basic integrity of the underlying OS.

      There was a PDF vulnerability about a year ago that allowed execution of code. This was a design feature in PDF to run other things like media. For Windows that allowed the running of code and not just media. It didn't affect just Adobe's PDF viewer; it affected any PDF viewer on Windows. It didn't affect OS X at the time.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    5. Re:So what is it exactly? by Serious+Callers+Only · · Score: 1

      It's a bug in the font rendering component, which apparently lives in kernel space.

      Another interesting side-effect of this of course is that any app which is accepted on the app store could also root your phone, so long as Apple doesn't notice at the approval stage, simply by loading a broken font. I imagine this is why @font-face is disabled in Mobile Safari right now.

      It'd be funny if the jailbreak guys secretly did yet another flashlight app, or perhaps a bible app with fart noises, but one which does a full jailbreak as an easter egg, and then announced to the world that this app is already available for download on the app store.

      It'd be an amusing critique of the pointless app store approval process at the same time as allowing a few more people to jailbreak.

    6. Re:So what is it exactly? by davidbrit2 · · Score: 1

      It's a bug in the font rendering component, which apparently lives in kernel space.

      Not necessarily. Every iPhone has the same default root password out of the box, so I would think any user code stands a pretty good chance of being able to escalate permissions and start running kernel-level code.

  18. Now we just need jailbreakers to fix the hole by Myria · · Score: 1

    Now we just need the jailbreak team to release a Safari/Preview patch to fix the hole. That way, we won't have to go to 4.0.2 in order to be safe from the PDF exploit, thus locking us out from the jailbreak.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
    1. Re:Now we just need jailbreakers to fix the hole by Anonymous Coward · · Score: 0

      They have released a patch to fix the hole via Cydia. Well not fix but warn you before loading any pdf file so you can choose whether or not to expose your phone to a risk.

      Amazing those hackers.

  19. Too easily overcome by SuperKendall · · Score: 1

    Why not? They make great attack drones that are reasonably difficult to trace.

    That's true, but system updates can pretty much overwhelm anywhere a rootkit like system would attempt to hide, and users almost always install updates.

    The greater willingness of users to actually install automatic system updates is (IMHO) the reason why you really don't see malware or viruses on Macs and iPhones. The whole system shuts down during an update and is pretty easily cleansed.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Too easily overcome by Khyber · · Score: 1

      "That's true, but system updates can pretty much overwhelm anywhere a rootkit like system would attempt to hide, and users almost always install updates."

      This might be useless if the 3G/4G networks get blasted by a ton of zombied iPhones and updates can't get to the phone so easily. Or possibly you could use this to disable the network entirely and essentially brick it until reset to default.

      So many attack vectors, so little time.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    2. Re:Too easily overcome by maxwell+demon · · Score: 1

      And how exactly do users install updates? I guess using some interface of the iPhone itself. So is there any reason an active root kit cannot interfere with the update process and install itself in the updated version right at installation time?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:Too easily overcome by shutdown+-p+now · · Score: 1

      system updates can pretty much overwhelm anywhere a rootkit like system would attempt to hide, and users almost always install updates

      Inquiring minds would like to know: is code for OTA updates in iPhone flashed into hardware and non-overwritable? Because unless it is, it would seem that, once the phone is jailbroken & rooted, the update code in software/OS could be trivially disabled. Or, better yet, replace it with one that pretends to work, downloading "updates" etc, so as to not arouse suspicion in the user.

  20. Interesting... by Anonymous Coward · · Score: 2, Insightful

    That Tavis Ormandy is torn apart for releasing a more complicated vulnerability, but jailbreaking your phone just by clicking a url is widely celebrated. How difficult is it really gonna be to weaponize this jailbreak...

  21. PDF is iOS core by SuperKendall · · Score: 4, Insightful

    If you consider jailbreaking the iPhone a favor to the user.

    The users who are doing it would, that's why they are doing it!

    The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices.

    Oh, I totally agree - it's a pretty bad security flaw, and has nice demonstration code for how to exploit it as well so it's pretty much the worst possible case.

    That's why it's so interesting to see if there are in fact followup malicious attacks.

    The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own".

    No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader....

    Clearly it's Apple responsibility to fix this ASAP (and their fault for letting it get into customer's hands), so they better get on it before someone else starts turning things into iP0wns.

    It is 100% on Apple to get a fix out. With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:PDF is iOS core by WrongSizeGlass · · Score: 1

      No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader...

      I missed that in the story. Since it's been a part of iOS/OSX for a long time there is absolutely no excuse for it.

      With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).

      I'd be all over MS if they waited until this 'hit the fan' and I'll give Apple the same level of tolerance: zero. Apple needs to issue a fix for this yesterday.

    2. Re:PDF is iOS core by Anonymous Coward · · Score: 0

      Please use quote instead of i, your post is hard to read.

    3. Re:PDF is iOS core by fgouget · · Score: 1

      If you consider jailbreaking the iPhone a favor to the user.

      The users who are doing it would, that's why they are doing it!

      It's not because it's doing what it claims to do that it's not a Trojan. It could be doing other things too. I'm not saying it does but it would certainly be the perfect vector. Hopefully someone has investigated this already...

    4. Re:PDF is iOS core by gl4ss · · Score: 1

      what they should have done would have been to use Adobe's reader in a cage.

      or their own. or just not have done it with so many exploitable data handling.

      it's already fixed in 4.1 (betas) and desktop osx, at least some guy on the web said so. and through doing that, they made it pretty simple to dig up what the exploit was (fixed in desktop osx before jailbreakme). what's amazing about it is that it was exploitable on both platforms.

      --
      world was created 5 seconds before this post as it is.
    5. Re:PDF is iOS core by SuperKendall · · Score: 1

      Please use quote instead of i, your post is hard to read.

      I find that grey text and line more annoying than the slightly harder to read font, sorry - can't bring myself to switch.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  22. The white man's burden by Anonymous Coward · · Score: 0

    Cuz ain't no brothas dat can affo'd dis fone.

  23. Youtube fix by copponex · · Score: 1

    If you are having trouble with the homescreen, there's a new jailbreak using a youtube video that should work:

    http://www.youtube.com/watch?v=Tg4u7ko333U

    1. Re:Youtube fix by Anonymous Coward · · Score: 0

      Thanks! I tried what that video suggested and it fixed everything!

  24. MacGruber? by Anonymous Coward · · Score: 0

    MacGruber?

  25. Apple does not use Adobe Reader for PDF by melted · · Score: 4, Informative

    Apple does not use Adobe Reader for PDF. I thought everyone knew this by now. Apparently not.

    1. Re:Apple does not use Adobe Reader for PDF by Spazntwich · · Score: 1

      Give me back my shoes. You are a dog. They don't even fit.

    2. Re:Apple does not use Adobe Reader for PDF by Anonymous Coward · · Score: 0

      Funny, I don't remember the GP claiming otherwise.

  26. not really that great a piece of work is it? by Serendip7 · · Score: 1, Offtopic

    This exploit was already fixed in OSX with a patch..

    http://support.apple.com/kb/HT4131

    Comex basically just diff'd what was fixed in the latest OSX patches against what was in the last iOS patch. Then read up on this patch that hasn't made it to iOS yet. FYI, this won't work if you have 4.1 beta or higher installed supposedly (cuz Apple already had the patch bundled up ready to go when they release the next build)...

    The real credit goes to Charlie Miller who found this problem in the first place.

    http://www.appleinsider.com/articles/10/08/03/browser_based_ios_jailbreak_utilizes_scary_pdf_security_hole.html

    The funny thing I found was that Charlie Miller was given credit by Apple in the patch note.. "Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue." but then Charlie tweets about this particular exploit.. "Very beautiful work,"... "Scary how it totally defeats Apple's security architecture."

    1. Re:not really that great a piece of work is it? by makomk · · Score: 1

      The funny thing I found was that Charlie Miller was given credit by Apple in the patch note.. "Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue." but then Charlie tweets about this particular exploit.. "Very beautiful work,"... "Scary how it totally defeats Apple's security architecture."

      Not really. There's a world of difference between finding a security vulnerability and coming up with a robust, reliable exploit for it like this one. Especially if the OS is supposed to have decent mitigation for security issues.

  27. Mobile platforms can be a great target by Beryllium+Sphere(tm) · · Score: 1

    Bad guys can monetize a compromised cellphone in a single step by having it call premium-rate numbers.

  28. user mode? by hedley · · Score: 1

    Why is this phone not running user mode for this stuff? System mode for services only, why is PDF parsing being handled in system mode? All this stuff, non-executable stacks/data, memory protection etc ought to be set to the max. On the one hand it's exciting to see these hacks, on another it's depressing since in my own life as an ARM fw programmer, I would have been shown the door 10 yrs ago for that type of coding oversight.

  29. Disagree on degree of connection. by SuperKendall · · Score: 1

    They are not connected to the internet as much

    I disagree - they are actually connected way more often than a normal PC. People close laptops, and lots of people shut down desktops at night.

    A phone is on 24x7, always connected to the cell network. It's not even shut down for charging.

    Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.

    It would eat into battery quickly to be sure. I totally agree they would be pretty weak for a botnet node.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Disagree on degree of connection. by delinear · · Score: 1

      I think the usefulness as a botnet would be limited anyway. It would be quickly picked up by the media (a massive iPhone exploit would be much sexier news than another Windows bug), Apple would rush through a patch and most users would go update right away. The biggest payoff would be a fraud attack with a quick turnaround, or else malicious users undermining Apple's security message.

  30. Why do we buy Apple? No hack for Sony Mylo, or? by Anonymous Coward · · Score: 0

    There are plenty of other consoles out there that have interesting capabilities.
    For instance a Sony Mylo: there are hacks, but none have actually utilised the hack
    for running anything yet. ZipIt came out with a hack, and it's doing some neat
    things now. There are many little PDA phones that get obsolete just because the
    Cell Phone service-network dries-up, but they are still usable if only someone
    spent the time to modify them back into a 2-way or non-encrypted or half-duplex kind
    of transceiver like back in the day when these were nothing more than glorified portable
    HAM radios where namely it's the encryption that can be disabled to make them workable again.

    But why Apple? They aren't even made in USA like Motorola once was...

    1. Re:Why do we buy Apple? No hack for Sony Mylo, or? by cayenne8 · · Score: 1
      I've been looking, but haven't found much info for AFTER you do the website jailbreak....

      Any links out there?

      Can you/should you hook it to iTunes for backup? I can guess not to take any firmware updates past 4.01, but what about otherwise normal iPhone/iTunes activity? How do you restore if you need to?

      There's little to no info I've seen looking at www.jailbreak.com...

      Anyone have any good info or links?

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:Why do we buy Apple? No hack for Sony Mylo, or? by cayenne8 · · Score: 1
      Oops...wrong URL...but same complaint.

      www.jailbreakme.com

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  31. bleh by buddyglass · · Score: 1

    For a good while now the size of drives has been mostly meaningless to me. I don't store any movies or music. My current XP installation, with MS Office and Eclipse, takes up about 10 GB. I'm much more interested in "fast" than I am "big".

    1. Re:bleh by buddyglass · · Score: 1

      Ah hell. Wrong thread. The internets are hard.

  32. Not really an issue by SuperKendall · · Score: 2, Insightful

    This might be useless if the 3G/4G networks get blasted by a ton of zombied iPhones and updates can't get to the phone so easily.

    The updates come through iTunes on the user's home connection, not over the cell network.

    Or possibly you could use this to disable the network entirely and essentially brick it until reset to default.

    That implies an exponential spread which would mean a real virus. A website or two that spread malicious code would be unable to have this effect. There's really not a good way you could get a virus going on the iPhone, it's not like they are listening to the internet at large for incoming data or have open ports you can do something with.

    Besides, on AT&T, how would you be able to tell?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Not really an issue by delinear · · Score: 1

      Well the first attack vector that springs to my mind is installing malicious code that will email/text everyone in your contact list (and update your Facebook and send out a tweet etc) with a link to the originating site. Since this will look like a link from a trusted source, I'd imagine a fair number of users would follow the link. The fact that updates can't be pushed over the air, while meaning patches never become unavailable as 3G traffic gets flooded, also means it will take users longer to get the patch - they might not even realise there's an issue until they next connect to the computer (my GF does that maybe two or three times a month as she doesn't buy a lot from iTunes).

      As for the reasons to take over a phone - well there's much more trouble you could cause than just using it for DoS on 3G - have all infected phones dial out to premium rate numbers at 3am, for instance, and there would be all kinds of chaos, or a key logger to capture people's account details for things like Amazon, eBay, banking apps (a bad idea if ever I heard one) etc.

  33. Does it Fix it? by adavies42 · · Score: 1

    The original jailbreakme.com exploit, the iPhone 1.1.1 one that Woz demo'd on video, cleaned up after itself by patching the graphics bug that it used. Does anyone know if this exploit does the same thing?

    --
    Media that can be recorded and distributed can be recorded and distributed.
    -kfg
    1. Re:Does it Fix it? by CharlyFoxtrot · · Score: 1

      I've posted this in other threads but it gets completely ignored in the "OMG HAX" hubbub: if you've jailbroken your iPhone you can install PDF Loading Warner which will warn you when PDFs are opened that you are vulnerable and should only open files from a trusted source. This way you cannot be caught unawares.

      --
      If all else fails, immortality can always be assured by spectacular error.
    2. Re:Does it Fix it? by iammani · · Score: 1

      Don't worry, there will be yet another slashdot article, discussing the fix!

  34. Drive by jailbreaking by phasiclabs · · Score: 1

    Does anyone know if any sites are auto-jailbreaking phones that visit them yet? If so, what would be the symptoms? I've just released a lite version of Hexius, and went to visit Apptrackr to see if a "cracked" version had appeared yet (yes - lite versions also get cracked for some reason). My phone mysteriously went to the lock screen and the sim had also become locked....

    1. Re:Drive by jailbreaking by phasiclabs · · Score: 1

      thanks for that relevant, well considered, and coherent response.

  35. Slight difference. by chaboud · · Score: 1

    Closed game consoles have more inertia to the publishing and distribution process, and it is *extremely* rare for a game to be pulled after it has been on the market for a while...

    I know that a lot of the venom towards the walled garden takes the position that it's from the user perspective, but the idea of doing speculative development just to have your app blocked (possibly because Apple may be duplicating the behavior in secret) is certainly a bummer.

  36. Treat it as Flash... by MessageDrivenBean · · Score: 0, Offtopic

    Dear Mr. Jobs,

    You already killed Flash for iOS devices. Now it is time to kill PDF as well.

    Kind regards,

    MessageDrivenBean.

    --
    Quisque verborum suorum optimus interpres...
    1. Re:Treat it as Flash... by catmistake · · Score: 1

      Can't happen. Display-PDF is an integral part of the system. They'd have to dump the GUI, but the benefits far outweigh the deficits. They could go back to Display-PostScript, but then they'd be filling Adobe's coffers again. (PDF is open source, PostScript is not).

    2. Re:Treat it as Flash... by juasko · · Score: 0

      that would kill a lot of iOS...

      I guess Display Postscript that was used in NeXT would have been a better choice for Apple than going for the license free PDF. At least DisplayPostscript was developed at a time when Adobe used to make quality code. Now they're more bloated than Microsoft, and refuse to fix their old bad code.

      Been an Adobe user from the times of Photoshop 2.5-4 and Illustrator 3-5 and now CS-CS3 + Illu 7-10. And the later versions just suck, pure bad implementation where they break their own code, and fix it 2 versions later. Flash has always been flawed since its introduction, I never liked it and never will.

      But then Apple does not show its old quality stand anymore either. I missed the days with MacOS when it just worked as expected. System 7-7.1 was nice. True multithreading and tasking wasn't so nice but still the user experience was nicer than in NT 3.5-4.

      Nah ATM I'm trying to move away from Adobe products totally. But Photoshop in CS5 is very interesting again with its content aware features.

  37. Re:I think it is because titles can only be so lon by Anonymous Coward · · Score: 0

    The flaw in Apple's software opens the iPhone to the owner in addition to being exploitable by a malcontent (which they should mention and even emphasize, if only in the body of the article.)

    What, do you mean by locking down the device and restricting its users in every possible way they can actually turn remote vulnerabilities into good press?

    I have to admit it, the marketing gurus at Apple are some real geniuses...

  38. Mod parent up by Anonymous Coward · · Score: 0

    eom

  39. Wikileaks prefers more heavy weight topics by Viol8 · · Score: 1

    I doubt they care much about the latest gadget having a bug to be brutally frank. Whether you like them or not they tend to deal with somewhat more important issues than Joe Sixpack's iToy getting hacked.

    1. Re:Wikileaks prefers more heavy weight topics by Anonymous Coward · · Score: 0

      actually was thinking these security problems ought to lead to lots of documents being accessible, to some party using an exploit, and leaked.

  40. What me worry? by hesaigo999ca · · Score: 1

    Apple has been the biggest Don't worry attitude type marketing platform...hell this would make me sh*t my pants if I were the CEO of Apple, imagine getting everyone to download an app that is so popular or a webpage hit that is so tremendous that all Apple devices are bricked overnight...He would have to replace all of them, and declare bankruptcy!

  41. Again, run by iTunes, updates not OTA by SuperKendall · · Score: 1

    is code for OTA updates in iPhone

    No. As in, the iPhone does not do OTA updates. It's pushed out by iTunes.

    You are thinking of Android.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Again, run by iTunes, updates not OTA by shutdown+-p+now · · Score: 1

      The question is still valid, then. Is the code that runs on iPhone side during such an update entirely in hardware, or not?

      (there has to be some code, even if it's just the USB controller)

  42. Your response made no sense by SuperKendall · · Score: 1

    The question is still valid, then. Is the code that runs on iPhone side during such an update

    iTunes does the updates. I don't think you have a very good grasp of what this means. It's overwriting the contents of your phone. There is no code running on the phone during an update. Why should there be? Seems like a massive security risk to run updates on the device itself, when you do not have to.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Your response made no sense by shutdown+-p+now · · Score: 1

      The iTunes is pushing the update to a device. It can't do that unless the device is recognized by the computer. Is it mounted as a USB mass storage device? So far as I know, you can do that with iPhone, but all iTunes features stop working in this mode.

      So then there is some custom logic on iPhone side that implements, at the very least, the custom USB protocol that is used by iTunes to do all things it can do, including software update (perhaps on some lower level, such as reading/writing files on internal storage). That "custom logic" is, inevitably, code. It may be code in firmware of its controller, but it's still code.

      (I'm surprised I have to explain such basic things on /.)

  43. Vulnerability? NO, Opportunity by TechCon2821 · · Score: 1

    Technically any form of jail breaking your iPhone is considered by Apple to be a "Vulnerability." All it is, is retaliation against the recent ruling making Jail Breaking Illegal. Your average Joe Schmoe is in essence the vulnerability. The average user doesn't want to watch "how to" videos or read instructions on Jail Breaking, they just want to go to a website and let someone else do it for them. So some crafty programmer, finds this "Opportunity" and seizes it in order to make the process seamless to the end user while having the ability to enjoy the spoils of his conquest, personal information and ad revenue all courtesy of the silly uneducated user. If most users were more internet savvy and had some situational awareness, they would see these dangers and do their research before Jail Breaking, thus making the "vulnerability" a non-issue. Lastly, as soon as people start using Face Time for pr0n or video sexting services, Apple will come out with a statement saying there is a security vulnerability with the camera that allows for pornographic content to be broadcasted from your phone. You may accidentally expose yourself to the person on the other end of the video conference...Oh No MR BILL! Mark my words, a staff of "Censors" will be hired and your video chat will have a 7 second delay so they can edit your video on the fly. FML..ooops wrong Forum...

  44. privacy or spies, open source or open secrets by h00manist · · Score: 1

    So, when it seems like someone else has control over your phone, it's much more unsettling. You think of it and everything on it as "yours," and every time you're reminded that someone else holds all the keys to it, that illusion is dispelled a little bit more.

    Well I'm coming to see it this way. Transparency, public accessibility, open source, GPL, leaks, true information, hacks, jailbreaks, less privacy, and spying, are all forms of "uncontrolled data", of data circulating with no control, although with contrary politics and interests depending on when, who, what, and where the data involves. Privacy, security, encryption, proprietary data, closed source, copyrights, patents, successful secrecy, misinformation, are all forms of "controlled data", of some party successfully controlling access according to whatever needs or interests they have. From a political, interests point of view, everyone wants their own data to be controlled, and those of others, to be uncontrolled. From a purely technical point of view, those interests are contradictory. Either we want technology that is controllable, or that is not. Any hack can be used for spying, or for finding and leaking secret data. A right to privacy and secrecy can be used by a citizen to have the right to go out on a date hidden from his mom, and the same "rights" are used by a corrupt government official to hold private, secret meetings. It's the same tools, just the principles, politics, are different. Mom, or an ex, can spy on the son, or journalists can spy on the official, both violating this privacy. Well, in the end, data tends to circulate too easily, like ideas and thoughts, it seems to be the nature of all three, and going against this nature is just more and more complicated. It's much easier and efficient to go with the uncontrolled-data methods, and have open meetings, date people openly, have open source, less secrecy, and that unfortunately comes with its price - less privacy. The problem is with the people that abuse this lack of control to data, and use it for secret purposes. Marketing companies, closed source, copyrights, spies, saboteurs, controlling parents, and the jealous ex.

    --
    Build your own energy sources from scratch. http://otherpower.com/