What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Security Warning! Both Jailbroken and Non Jailbroken devices..

MikesTooLz said:
The password issue is ONLY IF YOUR JAILBROKEN ALREADY AND INSTALL OPENSSH!!!!
Click to expand...

I guess you miss the fact that this JB DOES install OpenSSH... or even skipped past my post where I mentioned that this JB does install OpenSSH...
 
DawgBone said:
MikesTooLz said:
The password issue is ONLY IF YOUR JAILBROKEN ALREADY AND INSTALL OPENSSH!!!!
Click to expand...

I guess you miss the fact that this JB DOES install OpenSSH... or even skipped past my post where I mentioned that this JB does install OpenSSH...
Click to expand...

It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.



I'm going to just stop commenting on this thread, you guys obviously don't know or want to know. Its doing what ever you THINK it does and thats it.
 
MikesTooLz said:
DawgBone said:
MikesTooLz said:
The password issue is ONLY IF YOUR JAILBROKEN ALREADY AND INSTALL OPENSSH!!!!
Click to expand...

I guess you miss the fact that this JB DOES install OpenSSH... or even skipped past my post where I mentioned that this JB does install OpenSSH...
Click to expand...

It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.



I'm going to just stop commenting on this thread, you guys obviously don't know or want to know. Its doing what ever you THINK it does and thats it.
Click to expand...


I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....
 
Last edited:
MikesTooLz said:
It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.
Click to expand...

How do you think he gained access to install OpenSSH?
How do you think he got "full access to it" to manage his code?


How about you let me rig up my website, and you leave the administrator/root password on your machine as "alpine"..... come visit my site...

Let's see what happens to your machine......
 
DawgBone said:
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....
Click to expand...

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process again.

Oh and by the way, OpenSSH wasn't installed by the jailbreak I had to manually install it.
 
Last edited:
MikesTooLz said:
DawgBone said:
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....
Click to expand...

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process agian.
Click to expand...

How did you change your Mobile/SSH/Root passwords?
Granted, he may even have code in there to see if you're already JB'ed...and do nothing.... although it "looks" like you did actually JB...

Again... I'd love to see you ask @Comex about it...
 
Last edited:
DawgBone said:
MikesTooLz said:
DawgBone said:
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....
Click to expand...

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process agian.
Click to expand...

How did you change your Mobile/SSH/Root passwords?
Click to expand...

Open Rock App and it gives a warning saying you still have the default alpine password and would you like to change it. Enter new password and its set.

I also checked via MobileTerminal and PuTTY
 
@DawgBone: I completely agree with Mike. Do you know what an exploit means? Do you think viruses brute-force your OS-password? No.
Maybe this makes things more clear to you:
Exploit (computer security) - Wikipedia, the free encyclopedia
There is nothing about any password in the JB procedure...
Maybe they get access to a part of the memory by an buffer overflow where they can inject code which is executed. Same thing with the Wii and the Twilight Hack:
Twilight hack - Wikipedia, the free encyclopedia
 
Two link chain?

If i'm reading the description of this exploit correctly, it requires two things.
1. An infected PDF
2. Opening the PDF in safari

My question is how do i disable safari handling PDFs on the iPad. Frankly i don't want it doing so anyway.

The second is if your PDFs are coming from legitimate sources where's the concern?

Thirdly, why is the browser even allowed to download anything without your acceptance?

There are two culprits here. Adobe for having such a blatant hole and Apple for removing control of what your browser does to handle file types.

---------
When i originally wrote this i didn't realize that the true culprit was a flaw in one of the Adobe dlls related to handling true type fonts. And apparently the hole has been around for a long time.
 
Last edited:
Back to the original topic of this topic.....

I have a Magazine app and it is having the same problem as the iBook problem...asking for permission to allow for access to PDF. I am hoping that there will be a way to tell the app the iBook and my magazine app does not need the 'checking'.
 
Already uninstalled

I already uninstalled this app as one of the primary reasons ai got an iPad was to have a portable solution for reading documents.

I have several PDF readers installed on my iPad some of which allow annotation of the original source.

Whevenever i try to load PDFs in any of them I get several popups warning against loading the document.

Needless to say,that is not at all a useable solution form me.

For the time being I'm relying on the fact that my PDFs are from clean sources.

Unless there is a way to constraining the warnings to browsers it is of no use to me.
 
Last edited:
ch4rly said:
Is there an workaround or update planned for that?
Click to expand...
Second time today I answer my own question, LOL.
An update is out! iBooks does not bomb you with warnings anymore.
 
You must log in or register to reply here.

Most reactions

Similar threads

Mickey330
Funny CNN Article About Jailbreak Exploit
Replies
4
Views
2K
graywolf
graywolf
f4780y
IOS 6.1.1 Beta - WARNING!
Replies
0
Views
2K
f4780y
f4780y
M
Apple Intends to Patch Latest JailbreakMe Vulnerability
Replies
1
Views
4K
Oltrelogo
O
Timmah
Jailbreak iPad 3.2.1 with iBooks!
Replies
3
Views
7K
Hussainal
H
M
Apple Releases iOS 3.2.2 Security Patch for iPad
Replies
6
Views
6K
SherryM
S

Latest posts

Back
Top