Skip to content

I couldn’t resist looking into the source of it. It is obfuscated a bit, but there are some interesting parts. Example: How it detects device models.

For iPad, well there’s just one iPad so they just search the UA string for iPad and it’s totally iPad1,1. iPhone 4 is detected by the global devicePixelRatio property, because the pixel is dying. Differentiating between iPhone models (not just firmware versions) is pretty awesome. They do a speed test. Specifically, SunSpider. It’s pretty much the de-facto standard web benchmark nowadays, and it was also started by Apple for the Webkit project.

Apart from that, the exploit itself is PDF based. Which is interesting as Adobe Reader accounted for 80% of exploits in 2009. However, iOS’s implementation is probably totally independent, but it’s neat seeing this happen. The exploit is located at For example, the iPhone 4′s URL would be,1/4.0.pdf. The resulting file is 12.9KB. I assume it’s some pretty standard attack code because I’m not a hacker and I know absolutely nothing about that.

Posted in Uncategorized.

Tagged with , , .

3 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Declan Land says

    Im trying to download that file and see if i can load it up on my iPhone .. But it’s not happening :/ any ideas of what i can do to load this up propperly ? :) thanks

  2. admin says has the source code.

  3. louboutin basket femme pas cher says

    These are actually enormous ideas in concerning blogging.
    You have touched some pleasant points here.
    Any way keep up wrinting.

    louboutin basket femme pas cher

Some HTML is OK

or, reply to this post via trackback.