ID: IRCNE2011071174
Date: 2011-07-09
According to 'zdnet', Apple’s newest iPhone devices have been hacked with a zero-day font vulnerability in the latest iteration of the JailbreakMe.com project.
The JailbreakMe.com exploit allows the automated jailbreaking of iPhone/iPad/iPod Touch devices from a specially created Web site.
It is essentially a drive-by download attack that exploits the way Apple’s mobile operating system processes certain fonts. Technical details of the vulnerability are not yet know.
It is likely being combined with a second privilege escalation bug to escape the iOS sandbox, much like the first version of the jailbreak exploit.
Along with the jailbreak exploit, “Comex” also released a patch for the main vulnerability.
“Due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will be the best way to remain secure,” he explained.
- 4