
Many years ago (2011?) when I was working on PDF at Apple, and when jailbreaking iPhones was a thing, someone posted a PDF on a website. Just by reading the PDF on your device, it was jailbroken.

Apparently the attack was done this way: someone modified an open source font library by removing bounds checking from one of its functions. They then waited 12 months to see if anyone had noticed or fixed the change. They then created a PDF with the font in question, including the embedded jailbreak code. The PDF was then released.



Is there a CVE out for this somewhere? This is interesting


Sounds like the FreeType vulnerability that comex exploited for JailbreakMe. I think it was called 'Star.' Try CVE-2010-1797.


The bona fides arrived, that seems to be it. Woah, I always wondered how JailbreakMe worked, thank you!


Was this attack genuinely dangerous? Or was it just a social experiment?


That attack has the possibility of being incredibly dangerous.

The fact that they released the updated font to the public means everyone using that font became vulnerable if they had a similar lack of bounds checking inside the PDF reader (which is incredibly likely).
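The missing bounds check the thread keeps coming back to is a check on offsets read from the font data itself. The following is an added illustration, not FreeType's code and not anything from the JailbreakMe exploit: a hypothetical reader for a constructed mini "glyph offset table" (2-byte big-endian entry count, then one 2-byte offset per entry) that refuses to dereference any offset the file supplies unless it lies inside the buffer. The table layout, the function names and the sample bytes are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A byte buffer with its length; the length is what every check is against. */
typedef struct {
    const uint8_t *data;
    size_t len;
} buf_t;

/* Hypothetical table layout (constructed for this example):
 *   bytes 0..1 : big-endian entry count N
 *   bytes 2..  : N big-endian 2-byte offsets into the same buffer
 * read_glyph_byte_checked() returns the byte at the offset stored in
 * entry `idx`, or -1 if anything in the chain of reads would leave the
 * buffer. An unchecked reader would skip the `off >= b->len` test and
 * read wherever the file pointed. */
int read_glyph_byte_checked(const buf_t *b, size_t idx) {
    if (b->data == NULL || b->len < 2)
        return -1;                                    /* no room for the count */
    uint16_t count = (uint16_t)((b->data[0] << 8) | b->data[1]);
    if (idx >= count)
        return -1;                                    /* caller asked past the table */
    size_t entry_pos = 2 + idx * 2;
    if (entry_pos + 2 > b->len)
        return -1;                                    /* offset table itself is truncated */
    uint16_t off = (uint16_t)((b->data[entry_pos] << 8) | b->data[entry_pos + 1]);
    if (off >= b->len)
        return -1;                                    /* file-supplied offset leaves the buffer */
    return b->data[off];
}

/* Validates every entry up front, the way a parser should before trusting
 * any of them. Returns the entry count on success, -1 on the first bad entry. */
int validate_glyph_table(const buf_t *b) {
    if (b->data == NULL || b->len < 2)
        return -1;
    uint16_t count = (uint16_t)((b->data[0] << 8) | b->data[1]);
    for (size_t i = 0; i < count; i++) {
        if (read_glyph_byte_checked(b, i) < 0)
            return -1;
    }
    return (int)count;
}

/* Constructed sample input: two entries pointing at bytes 6 and 7. */
static const uint8_t good_table[] = { 0x00, 0x02, 0x00, 0x06, 0x00, 0x07, 0xAA, 0xBB };
/* Constructed malformed input: second offset (0xFFFF) points far outside the buffer. */
static const uint8_t bad_table[]  = { 0x00, 0x02, 0x00, 0x06, 0xFF, 0xFF, 0xAA, 0xBB };

int main(void) {
    buf_t good = { good_table, sizeof good_table };
    buf_t bad  = { bad_table,  sizeof bad_table  };
    printf("good: %d entries, entry 0 -> 0x%02X\n",
           validate_glyph_table(&good), read_glyph_byte_checked(&good, 0));
    printf("bad:  validate -> %d, entry 1 -> %d\n",
           validate_glyph_table(&bad), read_glyph_byte_checked(&bad, 1));
    return 0;
}
```

The point of validating the whole table first is that a reader which checks lazily, only at the moment of use, tends to accumulate exactly the kind of single forgotten comparison the thread describes.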


Sure. I’m just wondering about the attacker’s intentions. Whether they were malicious or merely misguided.


Someone else could make a different PDF with a different payload, so even if that specific person just wanted to jailbreak their own phone, others could do bad things with it.



