Cydia “PDF Loading Warner” Helps Prevent iOS Security Hole Exploit
Cydia App “PDF Loading Warner” is released to prevent automated malicious use of the iOS jailbreak exploit.
PDF Loading Warner is outdated, use iOS PDF security fix instead.
For the PDF loading warner security hole fix, scroll down to “iOS PDF Exploit, Temporary FIX” section. But first, some background.
iOS Security Implications
The newest iOS jailbreak uses a website to load a PDF file containing arbitrary code. The zero day exploit is similar to the first easy jailbreaks of the original iPhone, based on a malformed TIFF file.
The security implications of this iOS exploit is that besides using a PDF for non-malicious iPhone jailbreaking, in theory it could be used for malicious activities.
iOS Security Hole? Sky is Falling?
iOS Theoretical Security Problem
This iOS PDF reader exploit is actually one of the very few PDF related security problems not due to Adobe. It’s a problem Apple has to look into, and is likely to quickly fix.
Apple has already confirmed that it’s looking into it.
Same type of people predicted doom for iPhone with the original malformed TIFF exploit too, but Apple quickly patched the exploit. Therefore, it’s likely that the hole will be closed before anyone would write anything malicious for iOS devices.
Real Security Problems: Windows / Android
Meanwhile, Adobe PDF is actually one of the main vectors for compromising PCs / Windows. The difference is numerous PCs are compromised EVERY DAY. While the iOS exploit is only theoretical.
Android is not without its own security problems either. Android Apps can already obtain private data without user consent, with over 1 million Android users compromised. Large number of questionable apps remain in android market.
Android phones are also rooted to gain add functionalities their “open” platform doesn’t provide. Rooting those devices also depends on exploits of Android security holes, which could also be used for malicious means.
In addition, at the 2010 Black Hat security conference, researcher handed out Android rootkit exploits that allow stealth control of an Android devices without triggering alerts.
iOS PDF Exploit, Temporary FIX
This security hole affects iOS 3.1.2, 3.1.3, 4, 4.0.1 users on iPhone, iPod touch, and iPad.
Non-Jailbreak iOS Devices
Until Apple patches the hole, do not visit sites you don’t trust, and do not download PDF files.
Jailbreakd iOS Devices
If your iOS device is jailbroken, get the free Cydia app which will “solve” the problem of the theoretical malicious jailbreak of the device without user intervention. This is what you see when a web site tries to load a PDF file:
The Cydia app doesn’t fix the hole, but rather warns you if the website tries to load a PDF file in iPhone, iPod touch, and iPad Mobile Safari browser.
“PDF Loading Warner” is free, at Cydia. Download and install.
- Cydia’s Saurik Fixes PDF Exploit on Jailbreaked & Older iOS Devices
- App Store / iOS Code Signing Security Flaw [Video]
- Apple iOS Firmware Download: iPhone iPod touch 4.0.2 iPad 3.2.2
- iOS 5.1 Safari Addressbar URL Spoofing Security Problem
- Jailbreak iPad 2, iPhone 4 with iOS 4.3.3 + Fix PDF Exploit