Researchers Reveal Jailbroken iPhone Exploit

A new jailbreak for the Apple iPhone has provided another example of remote exploits on mobile devices, security researchers say.

According to security researchers, the JailbreakMe 2.0 exploit takes advantage of two distinct vulnerabilities of free devices running Apple’s iOS. Now officially legalised, jailbreaking allows users to run unauthorised third-party applications on a mobile device.

The first bug Jailbreak 2.0 uses is related to the processing of Compact Font Format data within a PDF document, explained Vupen Security CEO Chaouki Bekrar. The second is a flaw in the kernel that can be exploited to “gain elevated privileges and bypass sandbox restrictions.”

Remote Exploit

Attackers could exploit the first bug remotely by tricking iPhone users into visiting a malicious site that would then redirect the browser to the appropriate malicious PDF file depending on the device model and version, Bekrar said. Once done, the kernel flaw can be exploited to take control of the device.

“The bad news is that the exploits affect all versions of Apple iPhone, iPad and iPod, and they could be easily modified and used by criminals to compromise Apple devices via drive-by download attacks,” Bekrar told eWEEK.

Apple did not respond immediately to a request for comment on the issue. However, Kevin Haley, director of Symantec Security Response, noted that details of the jailbreak exploit code are not publicly documented, and “the authors seem to have gone to some effort to obfuscate the code.”

Still, it is possible the exploit code could be altered by an attacker to deliver a malicious payload, Haley said. “Based on the facts right now, I think Apple should be concerned [about] this,” he said.

Jailbreak

While there has not been a huge volume of remote exploits for mobile devices relative to the number for desktops and applications, there have been several that could lead to the complete compromise of devices, said Michael Price, senior operations manager for McAfee Labs for Latin America. There are also a fairly large number of known vulnerabilities that could, theoretically lead to exploitation but that do not have corresponding public exploits, he added.

To Dave Marcus, security research and communications manager at McAfee, the situation should serve as a wake-up call for anyone with a mobile device: Remote exploitation is real and here to stay. “For now these vulnerabilities are being used only—as far as we know—to jailbreak iPhones, but they could be used to do many other things to iPhones and their owners around the world,” Marcus blogged.