Free Republic

To: MediaMole

Good to hear! Seems that most people that visit the site have great success with it... I guess it’s a blessing in disguise that this arbitrary code execution hole exists.


16 posted on 08/03/2010 7:47:45 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)


To: PugetSoundSoldier

WOW. That is an amazing hack. And a real one too! Nice catch.

I looked at the code too, very well done. I expect it patched by morning, but they did a very good trick: using the PDF interpreter to load code through Safari.

Of course, this only lends MORE credibility to Jobs’ resistance to Adobe’s Flash. Adobe invented PDF too.

61 lines of code. Very elegant actually.

This is the code for my version of the iPhone while I wait for my White 4.

--- SAFE JUST A COPY ---

%!PS-Adobe-3.0
%%Pages: (atend)
%%BoundingBox: 0 0 0 0
%%HiResBoundingBox: 0.000000 0.000000 0.000000 0.000000
%%Creator: GPL Ghostscript 871 (pswrite)
%%CreationDate: 2010/08/02 20:22:49
%%DocumentData: Clean7Bit
%%LanguageLevel: 2
%%EndComments
%%BeginProlog
% This copyright applies to everything between here and the %%EndProlog:
% Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
%%BeginResource: procset GS_pswrite_2_0_1001 1.001 0
/GS_pswrite_2_0_1001 80 dict dup begin
/PageSize 2 array def/setpagesize{ PageSize aload pop 3 index eq exch
4 index eq and{ pop pop pop}{ PageSize dup 1
5 -1 roll put 0 4 -1 roll put dup null eq {false} {dup where} ifelse{ exch get exec}
{ pop/setpagedevice where
{ pop 1 dict dup /PageSize PageSize put setpagedevice}
{ /setpage where{ pop PageSize aload pop pageparams 3 {exch pop} repeat
setpage}if}ifelse}ifelse}ifelse} bind def
/!{bind def}bind def/#{load def}!/N/counttomark #
/rG{3{3 -1 roll 255 div}repeat setrgbcolor}!/G{255 div setgray}!/K{0 G}!
/r6{dup 3 -1 roll rG}!/r5{dup 3 1 roll rG}!/r3{dup rG}!
/w/setlinewidth #/J/setlinecap #
/j/setlinejoin #/M/setmiterlimit #/d/setdash #/i/setflat #
/m/moveto #/l/lineto #/c/rcurveto #
/p{N 2 idiv{N -2 roll rlineto}repeat}!
/P{N 0 gt{N -2 roll moveto p}if}!
/h{p closepath}!/H{P closepath}!
/lx{0 rlineto}!/ly{0 exch rlineto}!/v{0 0 6 2 roll c}!/y{2 copy c}!
/re{4 -2 roll m exch dup lx exch ly neg lx h}!
/^{3 index neg 3 index neg}!
/f{P fill}!/f*{P eofill}!/s{H stroke}!/S{P stroke}!
/q/gsave #/Q/grestore #/rf{re fill}!
/Y{P clip newpath}!/Y*{P eoclip newpath}!/rY{re Y}!
/|={pop exch 4 1 roll 1 array astore cvx 3 array astore cvx exch 1 index def exec}!
/|{exch string readstring |=}!
/+{dup type/nametype eq{2 index 7 add -3 bitshift 2 index mul}if}!
/@/currentfile #/${+ @ |}!
/B{{2 copy string{readstring pop}aload pop 4 array astore cvx
3 1 roll}repeat pop pop true}!
/Ix{[1 0 0 1 11 -2 roll exch neg exch neg]exch}!
/,{true exch Ix imagemask}!/If{false exch Ix imagemask}!/I{exch Ix image}!
/Ic{exch Ix false 3 colorimage}!
/F{/Columns counttomark 3 add -2 roll/Rows exch/K -1/BlackIs1 true>>
/CCITTFaxDecode filter}!/FX{<</EndOfBlock false F}!
/X{/ASCII85Decode filter}!/@X{@ X}!/&2{2 index 2 index}!
/@F{@ &2<<F}!/@C{@X &2 FX}!
/$X{+ @X |}!/&4{4 index 4 index}!/$F{+ @ &4<<F |}!/$C{+ @X &4 FX |}!
/IC{3 1 roll 10 dict begin 1{/ImageType/Interpolate/Decode/DataSource
/ImageMatrix/BitsPerComponent/Height/Width}{exch def}forall
currentdict end image}!
/~{@ read {pop} if}!
end def
%%EndResource
/pagesave null def
%%EndProlog
%%Trailer
%%Pages: 0
%%EOF


18 posted on 08/03/2010 8:53:44 PM PDT by RachelFaith (2010 is going to be a 100 seat Tsunami - Unless the GOP Senate ruins it all...)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson