Surik, creator of the Cydia store has rolled out a patch that fixes PDF security issues that are fixed by the 4.0.2 update along with ones that Apple hasn’t fixed yet. Seems that if you want to be secure and protected the only thing to do is to jailbreak your device, escpailly if your running a first gen iPhone or iPod Touch. The package can be found in Cydia.
How To: Change Your iPhone’s SSH Password
If for some strange reason you updated to 4.0.2 when Apple released it to patch the PDF exploit that was used for the JailbreakMe jailbreak and your running a iPhone 3G or iPod Touch 2G (Non MC Model) then you can still jailbreak your new protected iOS. The current version of the jailbreak tool redsn0w will still work on both the iPhone 3G and iPod Touch 2G as long as it’s a Non-MC model. Just point redsn0w to the 4.0 firmware to ‘trick’ it then you’ll be away with your new jailbreak.
The hole in Safari has already been patched by Apple and they are preparing it for an upcoming software update, so make sure you back up your SHSH for your firmware so that you can restore back to it and use the JailbreakMe.com method to jailbreak your device. If your thinking of getting an iPhone 4 you better pick it up soon, because as soon as the new update is out you won’t be able to use the same exploit to jailbreak your phone.
On Wednesday an Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”
For all those of you who have used the JailbreakMe.com method of jailbreaking then you took advantage of a PDF exploit in the Safari application. This is good that you can jailbreak your device so easily but it also means anyone with the right know how can run code on your iDevice. This means that if in the wrong hands it could be used for malicious purposes.
The iPhone Dev-Team or Apple will eventually patch the PDF hole, probably the latter. For now you need to make sure your device is protected so that you don’t fall into any malicious traps. You need to install a Cydia package called PDF Loading Warner, this package displays a pop-up when your device is about to open a PDF. It won’t stop this exploit but it will let you choose not to open a PDF that might be malicious. It has caused some issues with iBooks when opening PDF files as you have to dismiss the pop-up numerous times. However it’s a small price to pay for such an easy jailbreak.
Planetbeing of the iPhone Dev-Team confirmed that the ultrasn0w unlock for iPhone 4 will be available tonight for all those who need to unlock their newly jailbroken iPhone 4’s.
Back in the 1.x days JailbreakMe.com was the simplest way to jailbreak your device. And now comex and Dev-Team have released the latest userland jailbreak which exploits a PDF flaw in MobileSafari. This means you can jailbreak any iOS device, including the iPhone4 on the 4.x firmware. Because the exploit that was used it public I’m sure it won’t be too long until Apple fix the flaw and then a new exploit will have to be used. As always remember to backup your SHSH files so that you can restore to your current firmware and keep on using JailbreakMe.com in the future.
To jailbreak just open up the site JailbreakMe.com and then slide to jailbreak and then just wait. It’s that simple!