Beware: Attackers Could Use New iPhone 4 Jailbreak Code to Carry Out Malicious Attacks

It seems like almost everyone I know has an iPhone, or at least wants one. Among iPhone users in the U.S.—where the phone’s operating system is locked and customers are limited to just one carrier—jailbreaking the devices is almost as popular. Jailbreaking Apple devices such as the iPhone essentially unlocks the operating system to allow root access, enabling users to make additional customizations to their phones.
 
Jailbreaking iPhones has its risks, because it opens the door to the devices becoming more susceptible to attack and malware infection. Another concern is that the vulnerabilities in the devices that the jailbreak code exploits could also be used to carry out malicious attacks against the users of the phones.
 
Just yesterday, such an exploit was published, targeting the fourth generation iPhone for the purpose of jailbreaking the device. Thankfully, the details of the exploit are not publicly documented and the authors have made some attempts to obfuscate the code; however, anyone may obtain a copy of the exploit by visiting a well-known site used for hosting jailbreaking code.
 
Symantec is still analyzing the exploit, but based on initial publicly available information, the exploit targets two unique vulnerabilities. The first issue is reportedly a PDF font parsing vulnerability affecting Mobile Safari. Upon successful exploitation, a second-stage local exploit is used to elevate to root privileges on (continue reading...)