Jailbreakme iPhone PDF Font Type1C Exploit

Ever since hearing about the jailbreakme iPhone hack yesterday, I’ve been obsessed with trying to figure out how this massive hack was achieved.

I know very little about iPhone exploits, so it has been small, tiny, baby steps for me.

So far, all I got is a parsed PDF file, with what seems like shellcode to exploit the PDF vulnerability:


I’ve been reading a lot of articles about PDF exploits, including one to launch arbitrary programs, but this specific exploit involving an embedded PDF Type1c font, has not been documented on the internet. My goal, at the very least, is to figure out how to modify the affected PDF to show custom messages that I input.

I was up until 4am hammering at this, so if anyone out there has any links, tutorials, or suggestions let me know.