Vulnerability in Apple iOS 4 allows attackers to remotely execute any code

    New in Apple iOS 4 allows attackers to remotely execute any code with superuser privileges. For infection, just go to a specially prepared web page in the browser. The attack occurs as follows: using javascript as an image, a specially prepared pdf-file is loaded. When this document is displayed, iOS 4 unpacks the font embedded with FlateDecode into PDF, an attempt to display which causes a stack overflow, and then it's a matter of technique. Schematically, this attack looks like this:
    image

    Based on this vulnerability, the jailbreakme.com service has been built and has been functioning for several days. The user of any Apple product on iOS 4 just need to go to this page from his device and click on the button so that his phone becomes jailbroken. The vulnerability is considered critical because the attack is invisible to the user, and the attacker gains full access to personal data, including local application data, address book entries and passwords in the browser, as well as the ability to transfer them over the network. No comments have been received from Apple so far, the only way to secure your device is to jailbreak it and install a special utility that will give a warning about browser attempts to open any PDF document.

    Via Gizmodo , Digdog , Gadgetfreaks

    Also popular now: