iPhone HOW TO: Fix The PDF Exploit After Jailbreaking With JailbreakMe [UPDATED]

biffo1



There was quite a buzz about this lately on the www, starting with MuscleNerd telling everybody not to attempt any jailbreaks using DefCon’s WiFi. So what exactly is happening? Basically, when you jailbreak using JailbreakMe, the exploit is downloaded onto your iOS device as a .pdf file and then executed by the system.

This doesn’t necessarily mean that your iOS device is at risk, but since the ports are still open, and right now this is a known ‘issue’, anybody can inject malicious software onto your device.

Basically, you should avoid downloading stuff you did not authorize, and do not click on links in MobileSafari. If you want to go from page to page, manually type the address.

But let’s take it one step forward and fix this problem:

Change default password:

First of all, you should change your default password (alpine). If you don’t know how to do that, check out this tutorial… (this should be some kind of habit every time you jailbreak)

Close loophole:

1. Install OpenSSH (if not already installed)
2. Download this .deb file
3. Via SSH, browse to /private/var/mobile/ and copy the .deb file
4. Now load MobileTerminal on Mac or PuTTY on Windows and install the .deb file:


Here is a tutorial

cdevwill, the guy that released the patch, said the fix will also be released in Cydia. So if you have any difficulties installing the .deb file (you shouldn’t), wait for the Cydia release.

NOTE: by installing this patch, you will be asked, any time you want to open a .pdf file, whether you really want to open it. If you downloaded the file from a trusted source, you can tap on ‘Load’. Otherwise, tap on ‘Cancel’.

NOTE: this exploit can affect non-jailbroken users as well. But the only way to fix it is to jailbreak your iOS device. Check out our tutorial here.

Original text file here

**********UPDATE**********



Saurik has released on Cydia an actual patch which will completely close the hole on all iOS-based devices, including the first-gen iPhone and iPod touch, which were left out in the cold by Apple, making you completely safe running jailbroken iOS 4.0.1 / iOS 3.2.1.

It is available right now by the name of “PDF Patch” in Cydia. Install it on any of your iOS-based devices that are jailbroken on iOS 2.x, up to iOS 4.0.1.

To test that it’s working properly, visit jailbreakme.com again. After you slide to jailbreak, you should no longer see a dialog box pop up (you’ll just see the star background). That means you’re no longer vulnerable!
 