There is a big a security hole in iPhone iOS. The device is insecure in a big and obvious way. You should be extremely careful of what sites you visit.
The FlateDecode vulnerability can be used when a PDF File is embedded within a Web page. Basically Safari tries to parse the PDF. And when it does it executes some code. Hackers can use this exploit to read and write iPhone data, get your contacts, sms, even delete something. So they can get all kinds to access your personal information stored on your iOS device.
Apple will fix it some day. Until then you need to take care of your iPhone security. There is a fix for that. It is available via Cydia for jailbroken devices. So you need to jailbreak in order to secure (funny isn't it?).
Recently Vupen, which is a French security firm, posted an advisory that contained information about two critical security vulnerabilities in Apple's iOS. After a while hacker comex used these flaws to create a jailbreak, which is now widely known and available on JailbreakMe.com.
But according to Reuters, yesterday Apple decided to react and its spokeswoman Natalie Harrison revealed that the company is currently investigating Vupen's advisory. So it looks like these exploits are going to be fixed soon!
Starting today every owner of iPad, iPhone or iPod can easily jailbreak his device via browser on http://jailbreakme.com/
The site was created in a week after decision of the Library of Congress (that operates the Copyright Office), which states that jailbreaking isn't illegal, though Apple claims it actually represents a threat to the stability and security of the company's devices. Apple also says that jailbreaking voids the warranty, but such an action can be easily undone by resetting a device to the default factory settings.
Site JailbreakMe.com easily became a trending topic in Twitter after its announcement on RedmondPie.com. The jailbreak itself was created by hacker comex, and the website was done by chpwn and westbaer.
As you remember, few weeks ago iTunes Store was hacked and the top list of the Books category had been filled with a bunch of obscure books. That was achieved by a number of unauthorized charges that were made on accounts of several iTunes users, who eventually lost few hundred dollars. In turn Apple deleted developers who were found to use the fraudulent purchases.
These days Apple added new layer of security which now require every user to enter the security code of their credit card each time they register a new device or computer with their account, according to Different District blog. So if earlier malicious user just needed to guess a password for the account in order to receive and/or resell the acquired information to fraudulent buyers, after Apple’s security innovation it will require more efforts to do that.
MuscleNerd, hacker from DevTeam, commented via twitter on recent rumors that universal jailbreak (all iPhones and all firmwares, including iPhone 4 and iOS 4.0.1) will be released today. The basic answer is no, there will be no jailbreak today.
Not to make it a daily thing, but since somehow people thought it would be today: the new JB+unlock won't be out today
(there are issues with important apps like Facetime that need to be figured out...no sense releasing a half-broken JB)
Jay Freeman, better known as Saurik, the creator of Cydia, was interviewed by the home radio Make It Work. He speaks about the history and the future of the iPhone jailbreak.
Saurik describes the origins of Jailbreak and Unlock for the very first model of the iPhone. Jay explains that initially there were two important things to do with the iPhone 2G - to use other carrier than AT&T and to install any application.
He continues discussing the main applications from Cydia. Cycorder was the first to allow video recording, and Winterboard was the only one that allowed users to change the graphical interface of the iPhone. He also speaks about Comex, the hacker who is currently working with the Dev Team for releasing and Unlock for the iPhone 4. According to Saurik the tool is still not ready to be released to the public due to severe bugs in the code. Here the second part:
Run RedSn0w and point it at the 4.0 IPSW. (Yes – point it at the 4.0 IPSW even though you're at 4.0.1). This will also hacktivate your iPhone3G at 4.0.1 if you haven't already been activated by iTunes.
Install ultrasn0w in Cydia (add repository http://repo666.ultrasn0w.com) if you need a carrier unlock (and in the USA, remember to turn off 3G mode in Settings→General→Network).
Geohot closed the iPhone blog that he used to announce and release jailbreaks and unlocks over the past few years. The site now says "This blog is open to invited readers only". Yesterday he posted his last public blog entry.
Geohot has also now shut down his Twitter account which has 113,761 followers. Visiting the account now says "This person has protected their tweets".
Engadget reports about another hack made in the Book category of an iTunes App Store. 42 of the top 50 books now belong to a seller named Thuat Nguyen, whose company is written as “mycompany” and its site is www.home.com. Almost all of these books have been published in April and have little to no customer reviews or ratings. Though it is claimed that the books are available in English and Japanese language, people report they are actually appear to be in Vietnamese.
Engadget also claims that many people report about iTunes account hacking that became a reason of spending hundreds of dollars on above-mentioned books without any wish and permission of its owners. That cannot be a coincidence, so it is recommended that every Apple customer will check his purchase history in his Apple Account information.
Flash has been ported to the iPad. Unofficially of course. The project is called Frash and is basically a port of Adobe Flash runtime for Android running on iPad using a compatibility layer. Its coming from a well known iPhone hacker named comex.
The YouTube description of the video explains everything about the port as follows.
Frash is a port of the Adobe Flash runtime for Android to the iPhone, using a compatibility layer, by comex ( http://twitter.com/comex ). Frash can currently run most Flash programs natively in the MobileSafari browser. Frash currently only runs on the iPad, but support for other devices (3GS+ only due to technical restrictions) is planned, as well as support for iOS 4.
A release is planned for when Frash is stable. Developers are welcome to join the effort at http://github.com/comex/frash – fork it and send a pull request with your patches.
Shot on an iPhone 4 and edited using iMovie on the phone.