Jailbreak iPhone, iPod Touch, iPad

Tomorrow is the first conference day at famous hacker event HITBSecConf2012. The conference schedule shows that Chronic Team members Joshua Hill (@p0sixninja), Cyril (@pod2g), Nikias Bassen (@pimskeks) and David Wang (@planetbeing) will speak about Corona jailbreak and Absinthe jailbreak for iOS 5.0.1. iPhone Dev-Team member MuscleNerd will speak about “Evolution of the iPhone Baseband and Unlocks”.

The iOS 5.1.1 untethered jailbreak is rumored to be announced during this conference during Chronic Dev Team keynote. Stay tuned.

The HITBSecConf2012 schedule is available here.

The founder of Jailbreakme.com Comex has said on Twitter that he is joining Apple as an intern. Site JailbreakMe.com greatly facilitates jailbreaking for users. He said about the hiring on Twitter:

“It’s been really, really fun, but it’s also been a while and I’ve been getting bored. So, the week after next I will be starting an internship with Apple”.

Read the rest of this entry »

Apple has released iOS 4.3.4 to block the PDF exploit used by comex in JailbreakMe utility. JailbreakMe can wireless jailbreak all devices on iOS 4.3.3.

iOS 4.3.4 Software Update
Fixes security vulnerability associated with viewing malicious PDF files.

Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)

For iPhone 4 Verizon Apple released iOS 4.2.9.

The official information is available here: http://support.apple.com/kb/HT1222

As you might know hacker Comex has found a new PDF vulnerability and released JailBreakMe tool that uses it. These were great news. The bad ones is that your iPhone and iPad and iPod Touch is at risk. Bad guys can use the same vulnerability to take control of your device and do whatever they want with it.

Apple will fix it in iOS 4.3.4 firmware some day. Fortunately Comex has already released a patch for his JailbreakMe 3.0 exploit to protect already jailbroken devices from any malicious use of the exploit.

The package called ‘PDF Patcher 2′ can be downloaded and installed from Cydia. To jailbreak please use our step-by-step instructions.

Today Comex has officially released the new web-based jailbreak for iOS 4.3.3. It supports all devices including iPad 2.

The jailbreak uses a PDF exploit similar to old JailbreakMe and does not require your device to be connected to the computer.

To jailbreak, navigate to http://www.jailbreakme.com on your iOS device after updating to iOS 4.3.3 (if you do not need unlock). We will be posting detailed instructions shortly.

Here is the list of devices and iOS versions that are supported:

• iPad 1: iOS 4.3 – 4.3.3
• iPad 2: iOS 4.3.3
• iPhone 3GS: iOS 4.3 – 4.3.3
• iPhone 4 GSM: iOS 4.3 – 4.3.3
• iPhone 4 CDMA: iOS 4.2.6 – 4.2.8
• iPod Touch 3G: iOS 4.3, 4.3.2, 4.3.3
• iPod Touch 4G: iOS 4.3 – 4.3.3

Step by step JailbreakMe tutorials:

• iPad 1
• iPad 2
• iPhone 3GS
• iPhone 4
• iPod Touch 3G
• iPod Touch 4G

As you may know, few days ago Apple had released a new version of iOS for all its mobile devices except first-generation iPhone and iPod touch, so owners of the latter are still not protected from a security flaw that allows hackers to obtain a remote control of their handsets. In fact, the latest compatible version for them is currently iOS 3.1.3.

But Saurik (who is known as a developer of Cydia) recently announced on the Dev-Team blog that he released a PDF patch that is compatible with any iOS version down to 2.x. It can be found in Cydia if you’ll search for “PDF Patch”. After installing it you can check if the patch is working properly with visiting jailbreakme.com page. After sliding the box to jailbreak you should only see the star background (and not a dialog box), which means you are no longer vulnerable.

In its blog Dev-Team also noted:

“Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as it’s out. Jailbreakers can have their cake and eat it too.”

Today Apple released patches for its iOS that address a security hole in Mobile Safari, which allowed users to jailbreak their iDevices. The PDF exploit they used also allowed hackers to gain remote control over the device with an iOS.

iOS 4.0.2 is available for:

• iPod touch 2G
• iPod touch 3G
• iPhone 3G
• iPhone 3GS
• iPhone 4.

Apple did NOT release the patch for the first generation iPhones.

iOS 3.2.2 is intended to use on the iPad and iPad 3G.

You can update your device via the links above or simply by connecting your device to iTunes and clicking Update. But note, if you want to continue using jailbreak you should not update your handset/tablet and don’t forget to backup your SHSH blobs.

There is a big a security hole in iPhone iOS. The device is insecure in a big and obvious way. You should be extremely careful of what sites you visit.

The FlateDecode vulnerability can be used when a PDF File is embedded within a Web page. Basically Safari tries to parse the PDF. And when it does it executes some code. Hackers can use this exploit to read and write iPhone data, get your contacts, sms, even delete something. So they can get all kinds to access your personal information stored on your iOS device.

Apple will fix it some day. Until then you need to take care of your iPhone security. There is a fix for that. It is available via Cydia for jailbroken devices. So you need to jailbreak in order to secure (funny isn’t it?).

Will Strafach has released the fix as a Cydia-based package called “PDF Loading Warner.” Simply download and install the package. Every time Mobile Safari attempts to download and parse a PDF you will get the following message:

Now you can control, where to accept PDF (as not all of them are made by hackers) and where to select cancel.