Comex has just tweeted that his source code for JailbreakMe 3.0, code-named ‘Saffron’, is now available through GitHub. The jailbreak uses a PDF that exploits the font system into installing a custom payload, as Sogeti explains:
Two exploits are used to jailbreak Apple devices by opening a PDF file in the MobileSafari browser: initial code execution is obtained through a vulnerability in the FreeType Type 1 font parser, allowing subsequent exploitation of a kernel vulnerability to disable code signing enforcement, get root privileges and “install” the jailbreak. The same kernel vulnerability is also exploited at each reboot to provide an untethered jailbreak, using the Incomplete Codesign technique to bootstrap the kernel exploit.
This means that if you are a programmer and are interested in seeing just how JailbreakMe 3.0 ticks, you can check out the source code on GitHub right now.