iPhone Exploit Code Goes Public After Apple Patches Released
The mind behind a new jailbreak for the iPhone has released source code for his tool, which leverages two vulnerabilities in Apple's iOS mobile operating system that could be used to take over iPhone, iPad and iPod touch devices.The developer of a jailbreak for iPhones has posted source code attackers could use to compromise devices. The developer, who goes by the name "Comex," posted code for JailbreakMe 2.0 on the Web Aug. 11 after Apple released a pair of fixes for the iOS bugs the jailbreak leverages. The patches also address the problems on the iPad and iPod touch.
"The first issue exploited is a FreeType CFF (Compact Font Format) handling issue, exploitable via Mobile Safari to gain access to affected devices," explained Michael Price, senior operations manager for McAfee Labs for Latin America. "The second issue exploited is an IOSurface framework issue that allows for administrative privileges to be obtained...This update should prevent both malicious attackers from exploiting these issues, as well as prevent the jailbreak technique from continuing to work-for updated devices."