The iPhone Dev Team recently released the simplest way to jailbreak you iOS device which is to just visit www.jailbreakme.com from your mobile browser. Because of this, many users have been talking on the Internet that you should not attempt the jailbreak using DefCon’s WiFi. When you jailbreak your device visiting JailbreakMe then the exploit is downloaded on your iOS device as a .pdf file which is then executed by the system. Any hacker at DefCon could misuse this vulnerability.
This would not cause any harm to your iOS device but as the ports are open , anyone can inject malicious software onto your device.
So, what you can do is that you should avoid downloading stuff that you did not authorize and also make sure you do not click on suspicious links in Mobile Safari.
To secure yourself from automated downloading of PDF files, follow these steps.
Change default password
First you should change your default root password (alpine) to something else. Follow our guide here.
Close the loophole:
1. Install OpenSSH ( if not already installed )
2. Download this .deb file
3. Via SSH , browse to /private/var/mobile/ and copy the .deb file
4. Now load MobileTerminal on Mac or Putty on Windows and install the .deb file:
ssh root @ your IP
alpine ( or your new password )
dpkg -i com.willstrafach.pdfexploitwarner_1.0.0-4_iphoneos-arm.deb
cdevwill said that the fix will soon be released on Cydia. So if you are not able to install .deb file this way, then you should wait for the Cydia release. Here’s how you can autoinstall .deb files on your iPhone/iPad or iPod Touch.
After installing this patch, anytime you have to open a .pdf file, you’ll be asked if you really want to open it . Only load that PDF file it the source is trusted.
Note: This exploit can also be used on non-jailbroken devices, but the solution is only for jailbroken iOS device. If anyone tells you that this vulnerability is caused by jailbreaking your iDevice, they’re wrong. Jailbreaking will actually allow you to fix this vulnerability, until Apple provides their next 300MB+ iOS update. To jailbreak you iOS device, follow this tutorial.
Update: The ‘PDF Loading Warner’ package is now available on Cydia in the BigBoss repo. Just fire up Cydia, go to the search tab and type in PDF Loading Warner and install it. Thanks to ihackinjosh for the tip.
Without hackers jailbreaking the device apple would not of known about this threat.