iPhone, iPad Jailbreak Service False-Flagged as Malware

Source: SecurityNewsDaily

Comex, the creator of the Jailbreakme service, has told SecurityNewsDaily that his website has NOT been infected.

"The new PDFs are intended; Norton fails at it," he emailed us. "Thanks though."

The original story below:

Attention all iPad and iPhone users: Don't go to Jailbreakme.com for the time being.

Jailbreakme, the easy-as-pie unlocking service for iPhones and iPads, appears to have been hacked by malware writers.

Security researcher Mikko Hypponen of Finland's F-Secure tweeted Monday afternoon (July 11) that he'd found something funny inside the directory (http://www.jailbreakme.com/saffron/_/) of the Jailbreakme.com website.

Every original PDF that was used to exploit the iOS operating system in order to jailbreak the devices had been duplicated as a similar file whose name just added "2" to the original's name.

SecurityNewsDaily tried to analyze the duplicates, as well as the original files – and our Norton antivirus software immediately flagged several files as containing a Trojan called "Trojan.Gen.2".

The duplicate files appear to have been uploaded at 16:32 today – about 12:32 EDT, assuming the server logs use Universal Time.

Oddly enough, it was the original files, last modified on July 6, that contained the Trojan, not the duplicates.

Attempts to contact Comex, the pseudonymous creator of Jailbreakme, via Twitter and email were unsuccessful.

Jailbreakme allows iOS users to "jailbreak" their devices by simply directing their Safari browsers to jailbreakme.com. The devices will then be able to install iOS apps not authorized by Apple.

For this latest version of Jailbreakme, Comex exploited a known vulnerability in the way iOS 4.3.3 handles PDFs through Safari.

Mindful of the vulnerability, Comex also created a patch for it, which could only be installed after the iPad, iPhone or iPod Touch had been jailbroken.

While Comex's intentions are good, he created a path for malware writers to follow, as we predicted last week.

And now it appears his own website's been hacked. It won't be long before the poisoned PDFs appear elsewhere on the Internet, waiting for iOS devices to infect.