There was quite a buzz about this lately on the www , starting with MuscleNerd telling everybody not to attempt any jailbreaks using DefCon’s WiFi. So what exactly is happening? Basically when you jailbreak using JailbreakMe, the exploit is being downloaded on your iOS device as a .pdf file, and then executed by the system.
This doesn’t necessarily mean that your iOS device is at risk, but since the ports are still open, and right now this is a known ‘issue’ anybody can inject malicious software onto your device.
Basically, you should avoid downloading stuff you did not authorize , and do not click on links from your MobileSafari. If you want to go from page to page, manually type the address.
But let’s take it one step forward and fix this problem:
Change default password:
First of all, you should change your default password ( alpine ) . If you don’t know how to do that, check out this tutorial… ( this should be some kind of a habit every-time you jailbreak )
1. Install OpenSSH ( if not already installed )
2. Download this .deb file
3. Via SSH , browse to /private/var/mobile/ and copy the .deb file
4. Now load MobileTerminal on Mac or Putty on Windows and install the .deb file:
ssh root @ your IP
alpine ( or your new password )
dpkg -i com.willstrafach.pdfexploitwarner_1.0.0-4_iphoneos-arm.deb
Here’s a tutorial on how to auto-install .deb files, so you don’t mess with terminal shells and putty
cdevwill, the guy that released the patch, said the fix will also be released in Cydia. So if you have any difficulties installing the .deb file ( you shouldn’t ) , wait for the Cydia release.
NOTE: by installing this patch, you will be asked anytime you want to open a .pdf file, if you really want to open it. If you downloaded the file from a trusted source, you can tap on ‘Load’ . Otherwise, tap on ‘Cancel’
NOTE: this exploit can affect non-jailbroken users as well. But the only way to fix it, is to jailbreak your iOS device. Check out our tutorial here…