The Inquirer-Home

A dangerous IOS vulnerability remains unpatched for a week

Jailbreakme is still wild and free
Thu Jul 14 2011, 12:50

A CRITICAL IOS vulnerability exploited to jailbreak Iphones and Ipads remains unpatched a week after being publicly disclosed, despite warnings from security experts that it can be used to remotely infect devices with malware.

The security flaw resides in the IOS PDF reader component and allows potential attackers to execute arbitrary code with unrestricted root privileges. It was discovered by an Iphone jailbreak developer known as comex, who is responsible for creating the popular Jailbreakme.com web site.

Jailbreakme allows Iphone and Ipad users to remove limitations imposed by Apple on their devices by simply browsing to a web page and sliding a bar. Following the release of the comex jailbreak last week, security experts warned that the vulnerability it exploits can be adapted for drive-by download attacks.

This type of attack only requires users to visit a maliciously crafted web page in order to be infected and is achieved by exploiting remote code execution vulnerabilities. The author, comex, acknowledged the risks, but claimed that public knowledge of the flaw will force Apple to quickly patch it, thereby improving IOS security.

"I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run," the developer wrote on his web site.

Despite this, comex went to the trouble of creating a patch for the vulnerability himself and releasing it through the unofficial Cydia app store. Apple said it's working on a patch of its own that will address the problem for users who don't want to jailbreak their devices, but this was a week ago.

When Jailbreakme 2.0 came out last year, based on a similar vulnerability, it took the cappuccino company around ten days to release a fix. This isn't a good response time for a critical vulnerability, but big software vendors like Apple and Microsoft are known to take their time with patches if there are no attacks out in the wild exploiting the reported vulnerabilities.

It's worth pointing out that the comex jailbreak bypasses the Address Space Layout Randomization (ASLR) technology that is supposed to make exploits harder. ASLR was first introduced by Apple in IOS 4.3, but aside from setting a few small roadblocks, it doesn't seem to have had any real impact on people's ability to jailbreak their devices.


Comments
Dangerous?

http://dictionary.reference.com/browse/dangerous

Perhaps a minor, although unlikely, irritation for some people.

posted by: Danger Man, 14 July 2011
IOS ?

http://en.wikipedia.org/wiki/IOS

I don't use iOS, but I assure you I depend on IOS, a lot, without always knowing it.

posted by: Robert Carnegie, 14 July 2011