Cydia “PDF Loading Warner” Helps Prevent iOS Security Hole Exploit

Wednesday, August 4, 2010
By OP Editor

Cydia App “PDF Loading Warner” is released to prevent automated malicious use of the iOS jailbreak exploit.

UPDATE:

PDF Loading Warner is outdated, use iOS PDF security fix instead.

Cydia PDF Loading Warner Exploit Fix

For the PDF loading warner security hole fix, scroll down to “iOS PDF Exploit, Temporary FIX” section. But first, some background.

iOS Security Implications

The newest iOS jailbreak uses a website to load a PDF file containing arbitrary code. The zero day exploit is similar to the first easy jailbreaks of the original iPhone, based on a malformed TIFF file.

The security implications of this iOS exploit is that besides using a PDF for non-malicious iPhone jailbreaking, in theory it could be used for malicious activities.

iOS Security Hole? Sky is Falling?

iOS Theoretical Security Problem

This iOS PDF reader exploit is actually one of the very few PDF related security problems not due to Adobe. It’s a problem Apple has to look into, and is likely to quickly fix.

Apple has already confirmed that it’s looking into it.

Same type of people predicted doom for iPhone with the original malformed TIFF exploit too, but Apple quickly patched the exploit. Therefore, it’s likely that the hole will be closed before anyone would write anything malicious for iOS devices.

Real Security Problems: Windows / Android

Meanwhile, Adobe PDF is actually one of the main vectors for compromising PCs / Windows. The difference is numerous PCs are compromised EVERY DAY. While the iOS exploit is only theoretical.

Android is not without its own security problems either. Android Apps can already obtain private data without user consent, with over 1 million Android users compromised. Large number of questionable apps remain in android market.

Android phones are also rooted to gain add functionalities their “open” platform doesn’t provide. Rooting those devices also depends on exploits of Android security holes, which could also be used for malicious means.

In addition, at the 2010 Black Hat security conference, researcher handed out Android rootkit exploits that allow stealth control of an Android devices without triggering alerts.

iOS PDF Exploit, Temporary FIX

This security hole affects iOS 3.1.2, 3.1.3, 4, 4.0.1 users on iPhone, iPod touch, and iPad.

Non-Jailbreak iOS Devices

Until Apple patches the hole, do not visit sites you don’t trust, and do not download PDF files.

Jailbreakd iOS Devices

If your iOS device is jailbroken, get the free Cydia app which will “solve” the problem of the theoretical malicious jailbreak of the device without user intervention. This is what you see when a web site tries to load a PDF file:

Cydia PDF Loading Warner in action

The Cydia app doesn’t fix the hole, but rather warns you if the website tries to load a PDF file in iPhone, iPod touch, and iPad Mobile Safari browser.

“PDF Loading Warner” is free, at Cydia. Download and install.

Share

Related Posts

  1. Cydia’s Saurik Fixes PDF Exploit on Jailbreaked & Older iOS Devices
  2. App Store / iOS Code Signing Security Flaw [Video]
  3. Apple iOS Firmware Download: iPhone iPod touch 4.0.2 iPad 3.2.2
  4. Jailbreak iPad 2, iPhone 4 with iOS 4.3.3 + Fix PDF Exploit
  5. iOS 5.1 Safari Addressbar URL Spoofing Security Problem

Tags: Apple, iPad, iPhone, iPod touch, Security

2 Responses to “Cydia “PDF Loading Warner” Helps Prevent iOS Security Hole Exploit”

  1. kms

    hello… i couldn’t find “PDF Loading Warner” in cydia. The BigBoss is installed. what source should i add to get this file?

    1

Site Search

iPad Air 2 Case

Popular Tags