The iPhone 4 jailbreak is one of the easiest ever. You just visit the jailbreakme.com webpage in Mobile Safari, swipe the “Slide to Jailbreak” slider, and it installs the unofficial App Store Cydia on your device.
But it comes at a price. The jailbreak relies on a wide-open security hole that malicious hackers could use just as easily: a malicious site could exploit the same largely unknown, unpatched hole to install malware.
Note: The security hole in Mobile Safari is not caused by jailbreaking the device. It is already there on all iOS devices, jailbroken or not.
Apple is sure to investigate the exploit and quickly issue an update. But in the meantime, here’s a quick patch you can install yourself:
The JailbreakMe method is based on a PDF vulnerability in iOS: the iPhone automatically downloads PDF files, and the jailbreak code is included in the PDF’s FlateDecode stream section.
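To see what a PDF carries in its FlateDecode streams before opening it on a device, this added Python example (not from the original article or from the patch's author) lists and inflates each such stream. The function names, the 8 MB cap and the sample PDF are constructed for illustration; the parser is a simple regex scan that does not handle object streams or hex-escaped filter names.

```python
import re
import zlib

MAX_INFLATED = 8 * 1024 * 1024  # per-stream output cap (decompression-bomb guard)

# "N G obj << dict >> stream<EOL>"; the dictionary may not run past an endobj.
STREAM_HDR = re.compile(
    rb"(\d+)\s+(\d+)\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.S)


def flate_streams(pdf: bytes) -> list:
    """Inflate each stream whose dictionary names /FlateDecode and describe it."""
    report = []
    for m in STREAM_HDR.finditer(pdf):
        stream_dict = m.group(3)
        end = pdf.find(b"endstream", m.end())
        if b"/FlateDecode" not in stream_dict or end == -1:
            continue  # other filter, or file truncated before the terminator
        raw = pdf[m.end():end]
        subtype = re.search(rb"/Subtype\s*/(\w+)", stream_dict)
        entry = {"obj": int(m.group(1)),
                 "subtype": subtype.group(1).decode() if subtype else None}
        inflater = zlib.decompressobj()
        try:
            data = inflater.decompress(raw, MAX_INFLATED)
        except zlib.error as exc:
            entry["error"] = str(exc)  # corrupt or deliberately malformed data
        else:
            entry.update(packed=len(raw) - len(inflater.unused_data),
                         inflated=len(data),
                         capped=bool(inflater.unconsumed_tail),
                         head=data[:16])
        report.append(entry)
    return report


def build_sample_pdf() -> bytes:
    """Constructed PDF fragment with two harmless FlateDecode streams."""
    page = zlib.compress(b"BT /F1 12 Tf (hello) Tj ET")
    blob = zlib.compress(b"\x00" * 4096)  # placeholder for an opaque payload
    return b"".join([
        b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n", page,
        b"\nendstream\nendobj\n",
        b"3 0 obj\n<< /Subtype /Image /Filter /FlateDecode >>\nstream\n", blob,
        b"\nendstream\nendobj\n%%EOF\n"])


if __name__ == "__main__":
    for item in flate_streams(build_sample_pdf()):
        print(item)
```

A stream that fails to inflate, hits the cap, or inflates to something that does not match its declared subtype is the one to examine before the file goes anywhere near a vulnerable reader.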
Note: There’s a security hole in Mobile Safari that can be exploited whether you’ve jailbroken your device or not. There’s nothing to prevent malicious websites from using the same method to plant nasty software on your iPhone — which could be used in all kinds of criminal and disturbing ways.
This patch doesn’t fix the hole, but it does pop up a warning asking you if you want to open a .PDF file. If you trust the source of the PDF file, you hit ‘Load.’ If not, ‘Cancel.’
Download this .deb file from Will Strafach (@cdevwill) and open it on your iOS device using iFile, a file manager that can be installed using Cydia. (Note: Strafach says he’s working on an easy-to-use app to install the .deb file that will be released to Cydia on Tuesday as PDF Loading Warner.)
Navigate to /var/mobile
Double tap the .deb file to install it.
If you navigate to a website that tries to automatically open a PDF file, the following warning box will pop up:
“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”
If you hit “Cancel” you’ll see the following error message: