JailbreakMe was released yesterday and as we said, it is one of the easiest and quickest jailbreaks. However, it is also one of those jailbreaks that really puts your iPhone at risk.

The way JailbreakMe works is that it takes advantage of a vulnerability in iOS, and more specifically the fact that iOS downloads PDF documents automatically. Comex managed to inject the jailbreak code in a PDF document that is downloaded and executed once you “slide to jailbreak” on JailbreakMe.com.

Now that this very simple exploit has been revealed, there are chances some bad guys out there might want to take advantage of it and potentially steal data from your iPhone. Before you start panicking and running around the house screaming, let’s be clear that the chances of this happening are actually very thin, but you never know…

MacStories published a fix for that earlier today:

Tweeted by @cdevwill earlier today, all you have to do is download this .deb file and open it on your device using either Terminal from your Mac, or iFile on the iPhone. Just download it and place it in /var/mobile.

– Using Terminal:

ssh root@your IP address

alpine

dpkg -i file.deb

Where “alpine” is the default password you’ll get after installing OpenSSH from Cydia and “your IP address” is located under Settings -> Wifi -> active wifi connection.

– Using iFile:

Navigate to /var/mobile and double tap on the .deb file to install it.

This won’t actually patch the exploit but it will now ask you for permission every time a PDF document wants to be downloaded to your iPhone. If you know what you’re downloading then fine. However if a site tries to use Comex’s exploit and downloads some malicious software onto your iPhone, you will be able to deny it access.

I believe this fix will be available in Cydia soon but if you can’t wait, and know your way around Terminal, then give this a shot. Apple will also issue a patch for this, most likely in the next iOS update.

If you use this method to secure your iPhone, please don’t forget to share your thoughts in the comments.

  • sucre

    Wait.

    Before or After Jailbreaking with the new Jailbreakme?

  • Goofygreek

    Didn’t work for me. Wouldn’t let me download it and open via ifile.

  • goldman60

    It installed, displays the warning, but upon clicking the warning safari crashes and exits

    Tested on:
    http://www.irs.gov/pub/irs-pdf/fw4.pdf

  • @sucre: after…

  • Evildomain

    I used the iFile method and I tried loading a PDF, everything worked as described. Thank you for the help…LOVE THIS SITE!!! (it is quickly becoming one of my favorites)

  • sucre

    @rudeboy

    Roger that man.

    And ouh, keep skankin’. 😉

  • Jordan

    No you are wrong. Jailbreakme does not put ur phone at risk. All phones were already at risk. This just takes advantage of it.
    Same risk whether u used it or not.
    Get ur facts straight Sebastian.

    • The reason that this is essentially putting your phone at risk is not because of the jailbreak, but because of all the publicity that this jailbreak (and how it works) is getting – basically drawing a giant magnifying glass over the very simple exploit; which is a good way for people to gain unauthorized access to your iDevice. That’s why people are saying that it puts your phone at risk – however you are correct in saying that all of us are at risk.

      • Pn2bade

        Agreed. And with this file, jailbreakers are actually safer right now

  • lakerlove

    @Evildomain did you run IFILE on an iphone 4?

  • Nick

    Worked like a charm. Terminal wouldn’t open for me though on iOS4.0.1 iphone 4. Followed this to get it to work:

    http://www.iphone4forum.net/forum/iphone-4-hacking-17/terminal-iphone-4-tutorial-1438/#post9200

    It would open then close right away. Used WinSCP to run dpkg command within its “terminal”.

  • Perky_Pat

    Hi All,

    Can someone help me? I tried to do as suggested but when I get to var/mobile I get a bunch of other maps like Application and Media. That doesn’t sound right… Any idea?
    I guess if it is so easy to jailbreak, wouldn’t it be as easy for Apple to unjailbreak the device if one were to land on their site… with hidden pdf’s?

    Thanks,

    Amsterdam

  • reed

    @Perky_Pat…. I have the same problem with iFile installed after jailbreaking. The “Download” folder under “/var/mobile/Library” is not there. And the “Safari Download Manager” is missing the download arrow icon in Safari web browser. Have tried to remove/reinstall/reboot but to no avail.

    I have iPhone 3Gs on iOS 4.0 and have no problem with JailbreakMe at all. Anybody can help with these 2 apps from Cydia? I want to make my iPhone a full-fledged mobile computing powerhouse 🙂

  • Aidan

    Be sure to change your root password if you do jailbreak:
    1. On your iOS device, go to Settings, then WiFi. Tap the blue arrow next to your current network. This should take you to a page with network information. Note the IP address. It should be something like 192.168.0.something.
    2. Using a computer on the same network, open a terminal and ssh to your iDevice:
    macintosh$ ssh root@192.168.0.whatever
    It will prompt you for a password. Enter ‘alpine.’
    You should now be at a command prompt. It will be kinda slow, since it’s running on your iPhone.
    3. Use the ‘passwd’ command to change your password.
    4. To exit, type ‘logout’ or ‘exit’ or type control-D.
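
A way to confirm the password change took effect, as an added example that is not part of the comment above: the script lists accounts in a master.passwd-format file that still carry the stock hash for “alpine”. It assumes it is run as root on the device against /etc/master.passwd and that the stock hash is the DES-crypt value shown; note that the mobile account ships with the same default password as root, so both need passwd.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts in a
# master.passwd-format file that still carry the stock "alpine" hash.

# DES-crypt hash stock iOS ships for "alpine" (assumed; same for root and mobile).
DEFAULT_HASH='/smx7MYTQIi2M'

default_pw_accounts() {
    # $1: path to a master.passwd-format file (user:hash:uid:gid:...)
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$hash" = "$DEFAULT_HASH" ]; then
            printf '%s\n' "$user"
        fi
    done < "$1"
}

audit_passwd_file() {
    # Returns 0 when no account has the default hash, 1 otherwise.
    found=$(default_pw_accounts "$1")
    if [ -n "$found" ]; then
        printf 'still on default password: %s\n' $found
        return 1
    fi
    printf 'no default passwords found\n'
    return 0
}

# Constructed sample: root was changed with passwd, mobile was not.
# The root hash below is a made-up placeholder, not a real hash.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample in master.passwd layout
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:abCONSTRUCTED1:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
audit_passwd_file "$sample" || true
rm -f "$sample"
```

On a device, call `audit_passwd_file /etc/master.passwd` after running passwd for each account; a non-zero return means at least one account is still on the default.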

  • Thefallen

    Cydia already has this tweak available for download. I just did it.

  • chtrich

    Thefallen………what’s the name of the tweak on Cydia?

  • Nick

    It’s called like PDF blocker or something. Just go under the Changes tab. It will be there as a Tweak.

  • Burge

    It’s called PDF loading warner

  • chtrich

    Thanks!

  • Burge

    I’ve got both of them, ifile wouldn’t work with me so I used downloader from the app store to get the deb file then used ifile to find the app, ifile, and then copied the deb file in to the var/mobile folder. Once there I opened it and it worked

  • Mezz

    I can’t find it in Cydia. Does it go by another name?

  • Mezz

    forget it i found it

    • maritza lule

      Did it work for u? I’m having a hard time opening it without it crashing

  • Mindy

    Question: Cydia is installed. I have not installed OpenSSH.

    Do I need to change my root password? Can I, or others, access my phone without installing OpenSSH?

    I tried using Terminal on my Mac to access my computer using Aidan’s instructions. It said connection refused. Does this mean my phone is safe without changing the password (since Mobile Terminal isn’t working for 4.0)?

    Thanks.

    • mKizzo

      Bump. Any opinions on this?

      • Dale

        This is a pretty old topic, not gonna lie… Anyway, to the point 😛 You cannot access your phone via SSH without the OpenSSH package installed from Cydia, so without it, you don’t have a root password to change 🙂 That’s why your connection got refused – your iPhone doesn’t know what to do with the connection without OpenSSH.

  • zuba

    HEY GUYS I HAVE IPHONE 3GS IOS4.0.1
    I GO TO JAILBREAKME.COM AND IT SAYS DOWNLOADING, BUT THEN AFTER 10 SECONDS IT CRASHES AND NEVER DOWNLOADS EVEN ONE BYTE
    HELP MEE!!!

  • maritza lule

    I downloaded terminal but it keeps crashing. Is there any way I can get it to work?

  • Pat Dwyer

    Went on jailbreakme.com on my 2g ipod touch MC model running official 4.0 software. I slide the bar and up comes that space picture then safari closes down about 2 or 3 seconds later. Have tried jailbreakme.modmyi.com but I couldn’t get that to work either HELP!!!!!!!!!!!!

  • Trey

    Don’t fuck Ur phones and iPods up doom this when u jailbreak ur phone it’ll work just fine month later ur shut will just stop crash on you yes yo shit will be broke lol

  • wtf

    Trey wins the award for most confusing words of any post in here. Like a rabid drunk spellchecker attacked his post before it got here.
    So.. terminal doesn’t work with iphone4. crashes immediately you run it. how does a pc user get into their phone to reset the password to something safer?

  • Donna

    What about Ipad first generation? If you jailbreak that does it do all the things mentioned about Iphone and Ipad2? Thanks
    ps that is my real email address listed says it all lol