Monday, August 02, 2010

JailbreakMe's userland exploit is a big iOS security hole

The JailbreakMe website, which lets users jailbreak their iOS devices straight from the browser, is great for jailbreakers, but it works because of a vulnerability in iOS: the iPhone automatically downloads PDF files, and the developer, Comex, injected the jailbreak code into the FlateDecode stream section of the file.
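As an added illustration of the triage a defender might run on such a file (this is example code, not part of the original post and not JailbreakMe's own code), the script below inflates every FlateDecode stream in a PDF and flags streams that fail to inflate, are unusually large, or are mostly non-text. The sample PDF is constructed inline, and the size threshold and "suspicious" heuristic are assumptions for the example, not indicators taken from the page.

```python
import re
import zlib

# Constructed sample: builds a minimal PDF whose objects each carry one
# FlateDecode stream. This is stand-in data, not a real exploit file.
def build_sample_pdf(payloads):
    objs = []
    for i, raw in enumerate(payloads, start=1):
        data = zlib.compress(raw)
        header = b"%d 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % (i, len(data))
        objs.append(header + data + b"\nendstream\nendobj\n")
    return b"%PDF-1.4\n" + b"".join(objs) + b"%%EOF\n"

# Matches "<num> 0 obj << ... >> stream ... endstream" (good enough for triage,
# not a full PDF parser: object streams and cross-reference streams are skipped).
STREAM_RE = re.compile(rb"(\d+) 0 obj\s*<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)

def triage_flate_streams(pdf_bytes, size_threshold=4096):
    """Inflate each FlateDecode stream and return one report dict per stream.
    'suspicious' marks streams worth a closer look (large, undecodable, or
    mostly binary); it is a triage hint, not proof of an attack."""
    report = []
    for m in STREAM_RE.finditer(pdf_bytes):
        objnum, dictionary, body = int(m.group(1)), m.group(2), m.group(3)
        if b"/FlateDecode" not in dictionary:
            continue
        try:
            inflated, ok = zlib.decompress(body), True
        except zlib.error:
            inflated, ok = b"", False
        # Share of bytes that are printable ASCII or ordinary whitespace.
        printable = sum(32 <= b < 127 or b in b"\r\n\t" for b in inflated)
        ratio = printable / len(inflated) if inflated else 0.0
        report.append({
            "obj": objnum,
            "inflated_ok": ok,
            "size": len(inflated),
            "text_ratio": round(ratio, 2),
            "suspicious": (not ok) or len(inflated) > size_threshold or ratio < 0.8,
        })
    return report

if __name__ == "__main__":
    page_text = b"BT /F1 12 Tf 72 712 Td (Hello) Tj ET"   # ordinary content stream
    binary_blob = bytes(range(256)) * 40                  # constructed 10 KiB binary stream
    for entry in triage_flate_streams(build_sample_pdf([page_text, binary_blob])):
        print(entry)
```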

This is a clear problem for Apple and for non-jailbreakers. Why is it not a problem for jailbreakers? Well, once the device is jailbroken, you can patch the hole to prevent malware from using the same trick to break into your iPhone. The fix, or rather the workaround, comes from @cdevwill on Twitter earlier today.

cdevwill's change presents the user with a warning whenever iOS is about to open a PDF file. This prevents a malicious website from loading malware through a PDF file without the user's knowledge.

In fact, if you wait until tomorrow, the fix should be on Cydia as "PDF Warning Loader." That should include everything you need to install the fix easily. If instead you can't wait, you'll have to follow the instructions below (assuming you've already jailbroken your iPhone and installed OpenSSH from Cydia).

Download this .deb file. Place it in /var/mobile on your device.

Then you need to install it on your device. On the Mac, you can use Terminal, as follows:
  • ssh root@<your IP address>
  • alpine (the default SSH password; if you've changed it, use your new password)
  • dpkg -i file.deb
Your IP address is shown under Settings > Wi-Fi, in the details of the active Wi-Fi connection.

Using iFile: on your iPhone, simply navigate to /var/mobile and double-tap the .deb file to install it. Once again, you can wait until tomorrow for the package to appear on Cydia, and as we said, this is really just a safeguard / workaround. Apple will have to patch this security hole in a future update of iOS (which will also, naturally, close this jailbreak).



2 comments:

Anonymous said...

ssh root@your IP address
alpine (default password for SSH; if you've changed it use that new password)

Wait, what? Why is it necessary to ssh into your own device? Can't you just run "su" to get root access?

Anonymous said...

Hey, I just turned off my iPad while it was jailbreaking with jailbreakme.com. Now it won't turn on again, I only see Apple's logo -.-
What can I do?