Comex and et al released a new jail-breaking tool ‘JailbreakMe 2.0’ which provides a simple and one-click solution to jailbreak your iPhone 4, 3G, 3GS on iOS 4.0 & iOS 4.0.1 and iPad on iOS 3.2.1. JailbreakMe 2.0 uses an exploit in iOS 4.x by which Comex injected the jailbreak code in a PDF document which is then downloaded and executed to complete the jailbreaking process.
Now as this exploit is known to everyone, there are chances that some bad guys might take the advantage of this bug to steal the information from your iPhone. They might try to push you to download a malicious code in a PDF document. Though the chances of this happening are very low, but here is a quick fix published by MacStories.
Tweeted by @cdevwill earlier today, all you have to do is download this .deb file and open it on your device using either Terminal from your Mac, or iFile on the iPhone. Just download it and place it in /var/mobile. If you are a Windows user, you can learn here how to install and use OpenSSH to transfer the files.
Step 1: Using Terminal: ssh root@your IP address
Step 2: Enter the password alpine
Step 3: Run the command: dpkg -i file.deb
Where “alpine” is the default password you’ll get after installing Open SSH from Cydia and “your IP address” is located under Settings – > Wifi – > active wifi connection.
Step 5: Now using iFile (in case of Windows user, you can use WinSCP), navigate to /var/mobile and double tap on the .deb file to install it.
This won’t actually patch the exploit but it will now ask you for permission every time a PDF document wants to be downloaded to your iPhone. If you know what you’re downloading then fine. However if a site tries to use Comex’s exploit and downloads some malicious software onto your iPhone, you will be able to deny it access.
Apple is going to fix this problem in the next update of iOS and hopefullly Cydia and Comex will try to fix it in the next release of JailbreakMe. However if you are conscious about security and privacy, you can use this trick at your own risk.
If you have already protected your iPhone or will protect it soon, share your thoughts and experiences in the comments below for other readers and users.