Web Threat Spotlight, Issue No. 70, August 16, 2010
A Web threat is any threat that uses the Internet to facilitate cybercrime.

Jailbreaking Tool for Apple Mobile Devices Exploits iOS Vulnerabilities

Being hot items in today's technology-savvy market, Apple products such as the iPod and iPhone have also become natural targets of malicious schemes. In fact, TrendLabs noted another potential problem that Apple mobile device users may face: jailbreaking. Using a jailbreaking tool on an Apple mobile device may be harmful, as the tool exploits an iOS vulnerability that can eventually become a new infection vector for future Web threats.

The Threat Defined

Days after jailbreaking Apple mobile devices was legalized by the U.S. Copyright Office, a developer known as "Comex" released a very easy-to-use tool that works on iPhone 4.0, iPhone 3G, and iPod Touch 3G devices, among others. The tool, dubbed JailbreakMe, can be downloaded from a site that can be accessed via Mobile Safari. Jailbreaking allows users to modify the OS of their Apple mobile device, which in turn allows them to install various non-Apple applications on their devices. It should be noted, however, that jailbreaking an Apple mobile device voids its warranty.

JailbreakMe Exploits Two iOS Vulnerabilities

JailbreakMe may appeal to Apple mobile device owners who want to run applications that they cannot otherwise install on their devices. Using this tool, however, comes with certain risks. Upon closer inspection, TrendLabs engineers found that JailbreakMe exploits two vulnerabilities in order to run non-Apple apps on Apple mobile devices.

The first vulnerability has to do with how Mobile Safari handles .PDF files. Cybercriminals may distribute specially crafted .PDF files that exploit a program flaw in FreeType 2, a font engine that opens and processes font files used in PDF readers, Web browsers, and other applications.
This vulnerability has to do with how FreeType 2 handles some Compact Font Format (CFF) opcodes, which, when abused, can result in stack corruption. Stack corruption, also known as a stack buffer overflow, occurs when a program writes more data to a buffer than was allocated for it. This almost always corrupts adjacent data on the stack. An overflow triggered by mistake often causes a program to crash or operate incorrectly; triggered deliberately, it can allow arbitrary code execution on an affected system.

Figure 1. JailbreakMe app execution prompt

Meanwhile, the second vulnerability is an integer overflow in how an affected device handles IOSurface properties. An integer overflow occurs when a numeric value assigned by a program is larger than the storage space assigned to it. This can lead to unintended behaviors such as a buffer overflow, which can then allow cybercriminals to gain the same system privileges as the device user and run malicious code on an affected mobile device.

Users who downloaded JailbreakMe via Mobile Safari were found to have downloaded instead a specially crafted .PDF file (detected as TROJ_PIDIEF.HLA) that contains the jailbreaking code. The file exploits a vulnerability in how the device handles CFF fonts, which can result in memory corruption. Though the file does not carry a malicious payload, it can still easily be used to instigate cybercriminal attacks targeting iOS devices. In fact, Trend Micro advanced threats researcher Joey Costoya believes that the fact that the PDF exploit has been made public on the jailbreaking site allows virtually anyone to create a malicious .PDF file using the said exploit.
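The operand-stack overflow described above, as an added example in C that is not code from Trend Micro, FreeType or the JailbreakMe tool: a toy Type 2 charstring interpreter with the 48-entry CFF operand stack, showing the bounds check whose absence produces the stack corruption the text describes. The opcode subset (pushes 32..246 and 28, operators 0..31) and the error codes are this example's own simplifications; it is not FreeType's parser and does not reproduce the exploit.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy Type 2 charstring interpreter modelling the CFF operand stack: bytes 32..246
 * push the operand b0-139, byte 28 pushes a 16-bit operand from the next two bytes,
 * bytes 0..31 are operators that consume the stack, and the CFF specification caps
 * the stack at 48 entries. Encodings 247..255 are left out of this example. */
#define CS_MAX_OPERANDS 48
enum { CS_OK = 0, CS_ERR_STACK_OVERFLOW = -1, CS_ERR_TRUNCATED = -2, CS_ERR_BAD_OPCODE = -3 };

int cs_run(const uint8_t *buf, size_t len)
{
    int32_t stack[CS_MAX_OPERANDS];
    int sp = 0;                                  /* next free slot */
    for (size_t i = 0; i < len; ) {
        uint8_t b0 = buf[i++];
        int32_t v;
        if (b0 >= 32 && b0 <= 246) {
            v = (int32_t)b0 - 139;
        } else if (b0 == 28) {
            if (i + 2 > len) return CS_ERR_TRUNCATED;
            v = (int16_t)((buf[i] << 8) | buf[i + 1]);
            i += 2;
        } else if (b0 < 32) {
            sp = 0;                              /* operator: consume all operands */
            continue;
        } else {
            return CS_ERR_BAD_OPCODE;
        }
        /* Without this check the store writes past stack[47] into adjacent data in
         * the stack frame: the "stack corruption" the page describes. */
        if (sp >= CS_MAX_OPERANDS) return CS_ERR_STACK_OVERFLOW;
        stack[sp++] = v;
    }
    return CS_OK;
}

/* Runs a charstring made of n copies of one byte (n <= 64); handy for tests. */
int cs_run_fill(uint8_t b0, int n)
{
    uint8_t buf[64];
    if (n < 0 || n > 64) return CS_ERR_TRUNCATED;
    for (int i = 0; i < n; i++) buf[i] = b0;
    return cs_run(buf, (size_t)n);
}
```

A font parser that applies the same check simply rejects the font, which is the behaviour a fuzzing harness should expect for any charstring that pushes more than 48 operands.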
Figure 2. JailbreakMe infection diagram

User Risks and Exposure

There is a high probability that the technique JailbreakMe employs to jailbreak Apple mobile devices will be used to spread malware, especially since the tool is readily available on the Web. The increasing popularity of Apple mobile devices among consumers may even turn jailbreaking into a new infection vector for cybercriminal use. To avoid becoming a victim of cybercrime, think twice before downloading any tool off the Internet, as the security risks it brings may outweigh the rewards.

In response to this threat, Apple recently released a security patch to resolve the aforementioned vulnerability. We thus strongly advise users to update their mobile devices immediately by visiting this page. For even better protection, users may download Trend Micro Smart Surfing for iPhone, which blocks access to malicious sites, including the site where JailbreakMe is hosted.

Trend Micro Solutions and Recommendations

The Trend Micro™ Smart Protection Network™ infrastructure delivers advanced protection from the cloud, blocking threats in real time before they reach you. A global network of threat intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly grow, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall protection against data breaches, damage to business reputation, and loss of productivity.

In this particular attack, the Smart Protection Network's file reputation technology immediately detects and deletes malicious files such as TROJ_PIDIEF.HLA from infected devices. Web reputation technology, on the other hand, blocks user access to malicious sites from which the malware may be downloaded.

The following post at the TrendLabs Malware Blog discusses this threat:
The virus report is found here:
Other related posts are found here: