The iPhone 4 jailbreak is one of the easiest ever. You just visit the jailbreakme.com webpage in Mobile Safari, swipe the “Slide to Jailbreak” slider, and it installs the unofficial App Store Cydia on your device.
But it comes at a price. The jailbreak exploits a wide-open security hole that could easily be exploited by malicious hackers. Malicious sites that install malware could exploit the largely unkown, unpatched security hole.
Note: The security hole in Mobile Safari is not caused by jailbreaking the device. It is already there on all iOS devices, jailbroken or not.
Apple is sure to investigate the exploit and quickly issue an update. But in the meantime, here’s a quick patch you can install yourself:
The JailbreakMe method is based on a PDF vulnerability in iOS: the iPhone automatically downloads PDF files, and the jailbreak code is included in the PDF’s FlateDecode stream section.
Note: There’s a security hole in Mobile Safari that can exploited whether you’ve jailbroken your device, or not. There’s nothing to prevent malicious websites from using the same method to plant nasty software on your iPhone — which could be used in all kinds of criminal and disturbing ways.
This patch doesn’t fix the hole, but it does pop up a warning asking you if you want to open a .PDF file. If you trust the source of the PDF file, you hit ‘Load.’ If not, ‘Cancel.’
Download this this .deb file from Will Strafach (@cdevwill) and open it on your your iOS device using iFile, a file manager that can be installed using Cydia. (Note: Strafach says he’s working on an easy-to-use app to install the .deb file that will be released to Cydia on Tuesday as PDF Loading Warner).
Navigate to /var/mobile
Double tap the .deb file to install it.
If you navigate to a website that tries to automatically open a PDF file, the following warning box will pop up:
“View File? The application wants to display a PDF on your device. There is a known bug in the PDF loading code that makes the running of arbitrary code possible, which could compromise your system. Are you sure you want to continue?”
If you hit “Cancel” you’ll see the following error message:
Leander Kahney is the editor and publisher of Cult of Mac.
Leander is a longtime technology reporter and the author of six acclaimed books about Apple, including two New York Times bestsellers: Jony Ive: The Genius Behind Apple’s Greatest Products and Inside Steve’s Brain, a biography of Steve Jobs.
He’s also written a top-selling biography of Apple CEO Tim Cook and authored Cult of Mac and Cult of iPod, which both won prestigious design awards. Most recently, he was co-author of Cult of Mac, 2nd Edition.
Leander has been reporting about Apple and technology for nearly 30 years.
Before founding Cult of Mac as an independent publication, Leander was news editor at Wired.com, where he was responsible for the day-to-day running of the Wired.com website. He headed up a team of six section editors, a dozen reporters and a large pool of freelancers. Together the team produced a daily digest of stories about the impact of science and technology, and won several awards, including several Webby Awards, 2X Knight-Batten Awards for Innovation in Journalism and the 2010 MIN (Magazine Industry Newsletter) award for best blog, among others.
Before being promoted to news editor, Leander was Wired.com’s senior reporter, primarily covering Apple. During that time, Leander published a ton of scoops, including the first in-depth report about the development of the iPod. Leander attended almost every keynote speech and special product launch presented by Steve Jobs, including the historic launches of the iPhone and iPad. He also reported from almost every Macworld Expo in the late ’90s and early ‘2000s, including, sadly, the last shows in Boston, San Francisco and Tokyo. His reporting for Wired.com formed the basis of the first Cult of Mac book, and subsequently this website.
Before joining Wired, Leander was a senior reporter at the legendary MacWeek, the storied and long-running weekly that documented Apple and its community in the 1980s and ’90s.
Leander has written for Wired magazine (including the Issue 16.04 cover story about Steve Jobs’ leadership at Apple, entitled Evil/Genius), Scientific American, The Guardian, The Observer, The San Francisco Chronicle and many other publications.
Leander has a postgrad diploma in artificial intelligence from the University of Aberdeen, and a BSc (Hons) in experimental psychology from the University of Sussex.
He has a diploma in journalism from the UK’s National Council for the Training of Journalists.
Leander lives in San Francisco, California, and is married with four children. He’s an avid biker and has ridden in many long-distance bike events, including California’s legendary Death Ride.
You can find out more about Leander on LinkedIn and Facebook. You can follow him on X at @lkahney or Instagram.
