We recently covered a remote jailbreak that works on any iOS4 device without connecting it to a computer via a USB cable. This completely new method of jailbreaking iOS devices is made possible by the website www.jailbreakme.com.
The jailbreak method on this website exploits a very big security flaw in iOS4 that allows any website to write data to the device without any user intervention. The same flaw that makes the jailbreak this easy makes it just as easy for hackers to gain access to your personal data.
The flaw, as quoted from 9to5Mac’s article on the same issue:
Basically iOS tries to parse the PDF file from the Web but, in doing so, it executes some code, that in this case allows you to jailbreak your device. It isn’t rocket science to have it do something completely different and much much worse. And there won’t be a slider that asks if it is OK.
How to fix the flaw
Right now, there are no methods available for patching up this security hole in iOS4. A number of alert systems are available, but unfortunately all of them involve jailbreaking your device. So the first step for any fix is to go to www.jailbreakme.com and jailbreak your iOS4 device.
- Will Strafach’s PDF Loading Warner – After you have successfully jailbroken your device, install Cydia on it. Once Cydia is installed, download the PDF Loading Warner package (search for it in Cydia). When the installation is complete, restart SpringBoard. From then on, whenever Mobile Safari attempts to download a PDF from a website, you will receive an alert.
- Use the alert .deb file – Download this file and place it in the /var/mobile directory of your device. Now install the iFile application. Use the iFile application to navigate to this .deb file on your device, and double tap it to install it. It should have the same alert effect as the above method.
Apart from this alert method, you should also be careful about which websites you visit on your iOS device, as any website may contain malicious code (in the form of a PDF) ready to be executed on your device. Until Apple officially releases a fix for this hole, this is your best option.
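The alert tools above warn when a page tries to load a PDF. The same idea can be applied off the device, as an added example that is not part of the original article and not the code of either tool: a check a filtering proxy could run on each response. It assumes the proxy sees the URL, the headers and the first bytes of the body; the function names and sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

PDF_MAGIC = b"%PDF-"
SNIFF_WINDOW = 1024  # some PDF readers accept the header anywhere in the first 1024 bytes
PDF_TYPES = {"application/pdf", "application/x-pdf"}
# filename= or filename*= parameter whose value ends in .pdf
PDF_FILENAME = re.compile(r'filename\*?=[^;]*\.pdf"?\s*(;|$)', re.IGNORECASE)


def pdf_signals(url, headers, body):
    """Return the reasons a response looks like a PDF (empty list if none)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    reasons = []
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype in PDF_TYPES:
        reasons.append("content-type")
    if urlsplit(url).path.lower().endswith(".pdf"):
        reasons.append("url-extension")
    if PDF_FILENAME.search(hdrs.get("content-disposition", "")):
        reasons.append("content-disposition")
    # Catches a PDF served under a misleading type or URL.
    if PDF_MAGIC in body[:SNIFF_WINDOW]:
        reasons.append("magic-bytes")
    return reasons


# Constructed sample responses (not captured traffic): (url, headers, first bytes)
SAMPLES = [
    ("http://example.test/docs/manual.pdf",
     {"Content-Type": "application/pdf"}, b"%PDF-1.4\n"),
    ("http://example.test/page",
     {"Content-Type": "text/html"}, b"\r\n%PDF-1.3\n"),
    ("http://example.test/dl?id=7",
     {"Content-Type": "application/octet-stream",
      "Content-Disposition": 'attachment; filename="a.pdf"'}, b"\x00\x01"),
    ("http://example.test/index.html",
     {"Content-Type": "text/html; charset=utf-8"}, b"<html><body>hello</body></html>"),
]


def warnings_for(samples):
    """Map each sample URL to its PDF signals, keeping only those that would alert."""
    return {u: r for u, h, b in samples if (r := pdf_signals(u, h, b))}


if __name__ == "__main__":
    for url, reasons in warnings_for(SAMPLES).items():
        print(f"WARN PDF load: {url} ({', '.join(reasons)})")
```

The second sample is the case that a check on file extension or declared type alone would miss: the body is a PDF even though the response claims to be HTML.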