Maximiliano Firtman's articles, notes and learning experiences for


Executing native code using the browser, how it works and the security problem behind

Maximiliano Firtman avatarby Maximiliano Firtman Twitter @firt About Newsletter

About 2 min reading time

Today, August 1st, 2010, a new website (and trending topic) appeared that allow you to jailbreak your iPhone, iPod or iPad using iOS 3.1, 3.2 or 4.0: Jailbreak Me.

The main advantage of this new jailbreak method is that the process is done entirely from the browser, Safari on iOS. Therefore, it took my attention.

How can a website, with just HTML, CSS and JavaScript can execute a code that changes the operating system?

If you don’t know what jailbreak is: an operating system cracking method that allows the installation of not-allowed by Apple applications. Since July, 2010, jailbreaking is legal in United States but not authorized by Apple for the warranty (but you can always restore your original OS).

I analyzed the JavaScript source code from Jailbreakme to understand the process. It has an excellent solution to detect which iOS device is using different JavaScript techniques, including execution of SunSpider JS benchmark that I can talk about it in other post.

After detecting the device and OS version, the part doing the jailbreak is just a PDF file. A PDF file? Yes, the jailbreak is done using just a PDF inside an invisible iframe, so I believe that this website is using a PDF security vulnerability for all iOS versions. Here is the code:

var a = document.createElement("iframe");  
a.setAttribute("src", page); = "absolute"; = "0.000001"; = "100px"; = "100px"; = "-9999";

The page object has the URL of any of these PDF files found on

So, there is no magic behind this website, just a vulnerability on the PDF viewer. However, the website is very clever, and has a great implementation of JavaScript and CSS extensions on WebKit to deliver a great visual experience.

I don’t have more information about the PDF itself up to now, because this security problem can lead also to some potential problems for iOS. I mean, any website can now jailbreak your device without your consent! Or maybe install something else on the device. I’m pretty sure that Apple will update the OS to solve this vulnerability but, until now, we have time to test over this security hole over Safari on iOS.

You can access the FAQ of the website, or jailbreak your own iOS device pointing Safari to if you want to test it by your own responsability.

This article was first published in blog no longer mantained. Public comments were available at the time, and they were removed when re-published.

Half typewriter, half computer

© Maximiliano Firtman (@firt) contains a collection of writings, thoughts, notes and learning experiences for web and mobile app developers authored by Maximiliano Firtman.

Contact me: Personal Website Buy Me A Coffee