Analysis of iPhone 4 jailbreak principles and vulnerabilities

Recently released iPhone 4 jailbreak method can be described as novel and simple, almost no too many complex steps, users just need to use the iPhone embedded Safari browser to access the http://www.jailbreakme.com, as prompted to easily jailbreak, enjoy the free iPhone. It can be said that this is really an exciting news. Many iPhone users may have successfully escaped from jail using this method. However, it is worth thinking that the iPhone has been jailbroken only when Safari is used to access a webpage, this has to be deeply considered. What is the security of the iPhone?
 
The following is a description of Comex translation (of course the original text is retained), which describes how jailbreak is implemented. Let's take a look.
 
One thing is certain. Many hackers and security experts are very interested in the working principle of the recently released iPhone 4 jailbreak software. So how did I implement Comex? In addition, I want more people to wonder how this vulnerability can be exploited by some unscrupulous non-iPhone jailbreak users. I published this information to allow apple to fix this vulnerability as soon as possible-I may recall that since the 1.1.1 era, hackers can fix the iPhone vulnerability after jailbreak-this vulnerability exploits Safari. TIFF File Vulnerability.
 
I'm sure into other hackers and tinkerers like me are wondering how the iPhone 4 Jailbreak (released yesterday) was accomplished. furthermore, I feel that people are most interested in how this exploit cocould be maliciously used against NON-JAILBROKEN iPhone users. i'm spreading this information with the hopes that the exploit will be promptly patched-as you will recall, with one of the original iOS jailbreaks (version 1.1.1, I believe ), the jailbreakers actually took the liberty of patching the jailbreak exploit after the jailbreak was timed med. this jailbreak was also accomplished through Safari, and the way it handled. TIFF files.
 
Now, let's start to explain:
 
Now, on to the dirty stuff...
 
Chpwn explains that Comex uses the CFF font overflow vulnerability to jailbreak. It is a font file vulnerability in a FlateDecode data stream. For more information about FlateDecode, see the explanation www.2cto.com:
 
@ Chpwn has explained that @ comex uses the CFF font stack overflow to jailbreak, which is essential a font file placed in a FlateDecode stream.
 
If you copy jailbreakme.com to a local server, you can analyze the network software and how it works. In essence, this software is to use JS to view your device model, load the corresponding PDF file, and finally use the Font Vulnerability to jailbreak. The corresponding file can be downloaded at http://www.jailbreakme.com.
 
If you copy jailbreakme.com to a local server, you can dissect the small web-app and see how it works. essential, the site checks for your device's user-agent, and loads the correct PDF file for the exploit from http://www.jailbreakme.com/_/ through the Javascript function new Image ()
 
You can use the binary editor to open these PDF files. The vulnerabilities exploited by jailbreak support all data, including this article. After zlib compression, insert a PDF file, a font file is returned to overload the stack.
 
One can then open the PDF files with a hex editor, and examine them more closely. the jailbreak uses a FlateDecode stream (which allows any data, including plain-text, to be compressed with zlib and inserted into a PDF) to load a font file which in turn causes a stack overflow:
 
Open it with GhostView, and you can easily view the code for implementing jailbreak. Users who have escaped from jail by using this method should be familiar with the highlighted area.
 
If you decode the FlateDecode stream with GhostView, you can see the actual code used to perform the jailbreak. I 've highlighted a line that shoshould be familiar if you 've visited jailbreakme.com on your iOS device recently.