If you have jailbroken on 4.3.3 do not upgrade to the 4.3.4
It has now been confirmed that Apple is planning to release iOS 4.3.4 to fix a PDF Exploit that allowed JailbreakMe 3.0 to be applied. This vulnerability in Mobile Safari requires users to open a malicious PDF file before having the device taken over and ultimately jailbroken in JailbreakMe 3.0’s case.
After days of speculation, a post by Germany’s Federal Office for Information Security confirms the seriousness of the risks and alluded to an nonexistent “software update” that will likely come under the form of iOS 4.3.4, scheduled to be available within the next few days. According to the post on the Government site, this PDF vulnerability allows “attackers to access with administrative privileges on the entire system”
The post goes on to explain the possible consequences of this exploit if it’s left unpatched, including the possibility for confidential information to be accessed, given the significant market share iOS has managed to obtain in the business world, as ReadWriteWeb explains:
According to a Google translation of the German Federal Office for Information Security, the exploit will give the attacker administrative privileges over devices which would include any data, email or contacts stored on the device. So far there is no official patch available for the exploit from Apple. But if you have jailbroken your iOS device, there is a patch available through Cydia.
Until the update is released, the German Government urges users to think twice before opening PDF files from unknown sources or clicking on untrusted links in search engines.
Apple has taken things a bit seriously and a spokesperson from Apple has confirmed that an update is on its way to patch the PDF vulnerability, but no time frame has been given when the update will drop on earth.
JailbreakMe 3.0 is a new iteration of JailbreakMe that allows any iOS device on the face of the earth to be easily jailbroken and run non-Apple-approved apps and tweaks in a matter of minutes, otherwise known as jailbreaking. This is also the first untethered jailbreak for the iPad 2.
Applying JailbreakMe is as easy as pointing Mobile Safari to JailbreakMe.com and tapping on a link to begin the process. Through a crafted PDF file, the jailbreak will then be installed within minutes. This tools allows for a much quicker and easier jailbreaking process than other traditional methods.
It’s important to stress again that users who have jailbroken or are planning to jailbreak their devices should stay away from iOS 4.3.4 once it comes out within the next few days. In order to remain safe, they should install PDF Patcher 2, which is available on Cydia.
- How To Jailbreak Your iPhone, iPod Touch, or iPad Using Jailbreakme (cmoslabs.com)
- JailbreakMe 3.0 and the iOS PDF Flaw: Protect Your Business (pcworld.com)
- Apple iOS Zero-Day PDF Vulnerability Exposed (informationweek.com)
- Apple Promises Software Update To Fix iOS PDF Vulnerability (macstories.net)
- Apple developing fixes for dangerous iOS vulnerabilities (infoworld.com)
- Germany issues alert over iOS jailbreak; Apple promising fix (digitaltrends.com)
- JailbreakMe Hackers Expose Gaping Security Hole In iPhones – And Fix It Only For Jailbreakers (blogs.forbes.com)
- Apple promises fix for PDF exploit (and will block JailbreakMe exploit in the process) (slashgear.com)
- iPad, iPhone Flaws that Allow Jailbreaks also Invite Malware (pcworld.com)