Difference between revisions of "Malformed CFF Vulnerability"

From The iPhone Wiki
Jump to: navigation, search
(links etc.)
(Made it more like the other exploit pages.)
Line 1: Line 1:
  +
This vulnerability, along with the [[IOService Kernel Exploit]], was used in [[Star]]/[[JailbreakMe]] 2.0. It is a stack overflow in the handling of [[wikipedia:PostScript fonts#Compact Font Format|CFF]] opcodes. Contrary to popular belief, it is '''not''' a problem with the PDF parser, although the malformed font was placed in a PDF for exploitation.
== Exploit Status: PATCHED ==
 
   
  +
== Credit ==
This is the exploit used in [[User:Comex|Comex]]'s [[JailbreakMe|JailbreakMe 2.0]] [[Star]], the first public jailbreak for the [[K48ap|iPad]] running 3.2 or 3.2.1 and the [[N90ap|iPhone 4]] running 4.0 or 4.0.1.
 
  +
[[User:Comex|comex]]
 
10 days after the jailbreak/exploit was released, Apple fixed the hole with the iOS 4.0.2 and 3.2.2 software updates.
 
   
 
[[Category:Exploits]]
 
[[Category:Exploits]]

Revision as of 03:34, 12 October 2010

This vulnerability, along with the IOService Kernel Exploit, was used in Star/JailbreakMe 2.0. It is a stack overflow in the handling of CFF opcodes. Contrary to popular belief, it is not a problem with the PDF parser, although the malformed font was placed in a PDF for exploitation.

Credit

comex