July 7, 2011

Jailbreakme.com 3 and security implications

Patrik Runald

Jailbreakme.com version 3 went public yesterday and once again offers a simple way to jailbreak an iOS device. It really is very, very simple: in our testing the jailbreak takes no more than 20 seconds from start to finish and works flawlessly. It doesn't crash the browser, and it even looks and feels like a regular App Store installation. Very slick, but also very dangerous.

The reason it's dangerous is that it works like a drive-by download (although it requires user interaction), similar to the drive-by downloads we see attacking Windows PCs every day through vulnerabilities and exploit kits. When you tap "Free" -> "Install" on the jailbreakme.com website, your browser downloads a PDF file that triggers a vulnerability in how the built-in PDF reader handles a certain font type, and that vulnerability is what installs the actual jailbreak.
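Given that delivery mechanism, the embedded font programs inside a PDF are the first thing a defender would want to enumerate before a document reaches a vulnerable reader. The following triage script is an added example and not part of the original post or of any vendor tool: it lists the font streams a PDF references, checks that each stream starts like the font type it claims to be, and flags hex-escaped names. It is a raw-object scan (it cannot see objects packed inside PDF 1.5+ object streams), and the sample PDF is constructed and benign.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed, benign sample PDF with one embedded font program (FontFile3 /
# Type1C). Not the jailbreakme.com PDF. Note /FontFile#33: PDF name syntax
# lets #xx hex-escape a byte, which a naive string match for "FontFile3" misses.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"4 0 obj << /Type /Font /Subtype /Type1 /FontDescriptor 5 0 R >> endobj\n"
    b"5 0 obj << /Type /FontDescriptor /FontName /ABCDEF+Demo /FontFile#33 6 0 R >> endobj\n"
    b"6 0 obj << /Subtype /Type1C /Length 16 >>\nstream\n"
    b"\x01\x00\x04\x01" + b"\x00" * 12 + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Leading bytes each embedded font kind should start with (PDF 1.7, section 9.9).
MAGIC = {"FontFile": (b"%!PS", b"\x80\x01"),           # Type 1 (PFA / PFB)
         "FontFile2": (b"\x00\x01\x00\x00", b"true"),  # TrueType
         "FontFile3": (b"\x01\x00\x04", b"OTTO")}      # CFF/Type1C or OpenType

@dataclass
class EmbeddedFont:
    key: str         # FontFile, FontFile2 or FontFile3
    obj_num: int
    subtype: str     # declared /Subtype of the font stream, or "?"
    length: int      # declared direct /Length, -1 if indirect or missing
    header_ok: bool  # stream bytes begin like the font kind the key promises

def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so /FontFile#33 is seen as /FontFile3."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes.fromhex(m.group(1).decode()), data)

def find_embedded_fonts(pdf: bytes) -> List[EmbeddedFont]:
    """Return every embedded font stream referenced from a FontDescriptor."""
    data, fonts = normalize_names(pdf), []
    for ref in re.finditer(rb"/(FontFile[23]?)\s+(\d+)\s+(\d+)\s+R", data):
        key, num, gen = ref.group(1).decode(), int(ref.group(2)), int(ref.group(3))
        hdr = re.search(rb"(?<![0-9])%d\s+%d\s+obj" % (num, gen), data)
        if hdr is None:  # dangling reference, or object hidden in an object stream
            fonts.append(EmbeddedFont(key, num, "?", -1, False))
            continue
        body = data[hdr.end():]
        stream = re.search(rb"\bstream\r?\n", body)
        dic = body[:stream.start()] if stream else body
        sub = re.search(rb"/Subtype\s*/(\w+)", dic)
        ln = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", dic)
        payload = body[stream.end():stream.end() + 8] if stream else b""
        fonts.append(EmbeddedFont(key, num, sub.group(1).decode() if sub else "?",
                                  int(ln.group(1)) if ln else -1,
                                  payload.startswith(MAGIC[key])))
    return fonts

def needs_review(pdf: bytes) -> List[str]:
    """Reasons to pull a PDF aside for manual inspection before it reaches a reader."""
    reasons = ["hex-escaped PDF names (possible evasion)"] if re.search(rb"/\w*#[0-9A-Fa-f]{2}", pdf) else []
    for f in find_embedded_fonts(pdf):
        state = "header OK" if f.header_ok else "HEADER MISMATCH"
        reasons.append(f"obj {f.obj_num}: embedded {f.key} ({f.subtype}, {f.length} bytes, {state})")
    return reasons
```

A declared font stream whose bytes do not look like a font, or a document that hides its names behind hex escapes, is worth a closer look even when no signature matches.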

This isn't the first time we've seen a jailbreak like this for iOS. In fact, jailbreakme.com was used in August 2010 to do exactly the same thing, again with a PDF file. We didn't see any malicious use of this attack despite the source code being made available, but will it be different this time? It wouldn't be hard for a malicious attacker to reverse engineer how the jailbreak works and create something similar that doesn't require the user to click on "Free" -> "Install" and silently installs malicious code on your iOS device, either through the browser or via an email attachment. If this were created, an attacker could gain full control of your device and install everything from a keylogger to a full-blown bot. Or what about forwarding all mails to a third-party email address? The regular iOS sandbox won't be protecting your device, and since iOS is a variant of Unix, anything is possible. 

We hope that Apple will release an updated firmware to fix this vulnerability rather than waiting for iOS 5. On a side note, I made a bet with @mikkohypponen on how long it will take Apple to release the patch. My guess is less than 10 days; Mikko thinks 5 days. What do our readers think: how long will it take Apple to release the patch?
