Free Republic
Browse · Search 		Smoky Backroom
Topics · Post Article

To: Swordmaker; driftdiver
In the case of OSX and iOS, PDFs are usually read by native, non-Adobe, routines built into the OS... so they are not at risk either. IF someone has, for some reason, jail broken an iOS device—which do not have non-executable data stacks—and installed an Adobe reader or Flash player (I am not even sure either one is available—no, I just did a search and there aren't) then, they too, like the Android OS devices, might be susceptible to the exploits that have been seen for the Android devices. But, so far, for both non-jail broken and jail broken devices, nope,not happening.

Sorry Sword, remember "jailbreakme.com"? That was an ACE exploit used to JAILBREAK the iPhone. Meaning that malformed PDF actually ROOTED the phone, just by trying to open it. Bone-stock iOS install completely compromised by an ACE.

You're wrong here. That was PROOF POSITIVE that an ACE exploit could completely root iOS without anything more than just visiting a website. It was bone-stock Apple code on bone-stock iOS that was compromised.

Sorry, you're wrong. Now the question is: will you admit it?

171 posted on 09/15/2010 6:26:22 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 163 | View Replies ]

To: PugetSoundSoldier

It used to be Apple cannot be hacked, now its Apple doesn;t use Adobe. There have been multiple notifications of high risk vulnerabilities from Apple over the last few months.

Many have included the warning of arbitrary code execution. To be fair though it took Microsoft a long time to accept their responsibility and handle security vulnerabilities properly.

It takes more than hype to build and sustain a company. Sooner or later the shine wears off and people move to the next fad.


174 posted on 09/15/2010 6:37:16 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 171 | View Replies ]
To: PugetSoundSoldier
Sorry, you're wrong. Now the question is: will you admit it?

Puget, First of all, as I stated in the previous post, iOS devices do not have Non-Execute stacks and ARE vulnerable to data buffer overflow exploits. And yes, the iPhone was being ROOTED by a visit to a website and the downloading of a PDF file.

However, that vulnerability was closed with iOS 4.0.2 and iOS 3.2.2 four weeks ago... so talk about something up-to-date... and relevant to today. And even more so with the release of iOS 4.1

So, no, Puget, I am not wrong. This particular Adobe PDF vulnerability and FLASH flaw is NOT impacting iOS devices and no exploits are being reported. This flaw is in the Adobe READER and the Adobe Flash Player... not in the Apple written reader built into the iPhone, iPod, and iPad that was exploited in the Jailbreakme.com exploit... that vulnerability is gone. This is a totally different vulnerability and it simply DOES NOT EXIST on these devices because, Puget, these applications DO NOT EXIST for iOS. Can I make it any easier for you to understand than that? Whether there might be more buffer overflow vulnerabilities is not in question here... there may be. What is in question is DOES THIS VULNERABILITY, discovered last week, impact these devices. The answer is NO, it does not.

So you are wrong. Now the question is: Will you admit it?

176 posted on 09/15/2010 7:10:05 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone!)
[ Post Reply | Private Reply | To 171 | View Replies ]

Free Republic
Browse · Search 		Smoky Backroom
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson