Microsoft Office '08 for Mac + 2011 Upgrades

We are pretty sure everyone agrees that JailbreakMe 2.0 released by Comex yesterday is the easiest method to jailbreak the iPhone to date. Comex managed to develop a web-based method by using a security hole in iOS 4, iOS 4.0.1 or iPhone and iPod Touch and iPhone OS 3.2, iOS 3.2.1 for iPad. Below is a brief description of how Comex managed to jailbreak he iOS firmware using a web-based method:

The jailbreak stuff saved as FlateDecode stream within that PDF file, and vulnerability occurs when Mobile Safari loaded the PDF file, letting iOS to parse the FlateDecode filter, and use the font file inside, then Kaboom.

Many experts have raised concerns that the security vulnerability in iOS could be exploited in a similar way by malicious websites to install malware. It is important to note that the security hole has been around for quite sometime so it could have been used by malicious website but quite interesting and a bit hilarious that the experts were sleeping until now and are blaming the jailbreak for exposing the security hole. In this particular solution, jailbreaking offers users a solution to prevent websites from using the security hole in iOS. If you are one of the many who are concerned about the security hole, then follow these steps after jailbreaking your iPhone to prevent anyone from exploiting it:

  • Download this .deb file from Will Strafach (@cdevwil) and open it on your your iPhone, iPad or iPod Touch using iFile, which is a file manager that can be installed using Cydia.
  • Navigate to /var/mobile and then double tap the .deb file to install it.

After installing the .deb file, the following warning message will be shown if a website is automatically trying to open a PDF file:

“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”

If you don’t trust the website that is trying to open the PDF file then just hit the “Cancel” button and if you do trust it then just tap the “Load” button to continue.

The .deb file doesn’t necessarily patch the security loop hole but it does warn you against possible malicious attacks to your device. Based on the nature of the security loophole in iOS, it is widely speculated that Apple will patch it in the upcoming iOS 4.1, which is currently in beta. However the iPhone Dev Team don’t seem worried as chpwn recently tweeted the following:

You should know that there are /lots/ of public exploits out there, and @comex’s JailbreakMe just uses one of them. No big de

It looks like the cat and mouse game between iPhone hacking community and Apple will continue. What this means for the consumers who are now rejoicing over the jailbreak and soon to come unlock – don’t upgrade your phone to iOS 4.1 until given the word from the hacking community. Are you one of the people who is worried about the security hole? Or are you just glad you can jailbreak your phone? Let us know int he comments below!

As usual stay tuned for more news and info on the topic by following us on Twitter and/or subscribing to our RSS feed.

Sources:  MacStories, Chpwn (Twitter)