CrunchGear reported a flaw in which jailbroken iPhones with PushFix installed may broadcast your AIM messages to random recipients without your knowledge or consent. The bug was discovered by Till Schadde, founder of development house Equinux.

After he sent out an AIM message to his jailbroken iPhone, he received AIM messages from random recipients. As reported, it’s quite certain that the iPhone Dev Team left a fatal flaw in the PushFix app:

The iPhone Dev Team, the same folks who unlocked the iPhone in the first place, created it to help us lowly users but they left a fatal flaw in the program. It seems they used a single UDID – Unique Device ID – for the fix. This in turn creates a sort of broadcast network of multiple jailbroken phones running Pushfix that report back to the push servers with the same UDID. The result? When you push to one, you push to all.


I have had PushFix installed on my iPhone 2G for two weeks and have tested it with BeejiveIM. So far, I have not received any messages from unknown recipients. But I have to admit that PushFix is at an early stage and still under testing. It’s inevitable that PushFix may contain a fatal error like the one just mentioned. So, use at your own risk.

For those who have installed PushFix, to avoid any private AIM messages being sent to random recipients, it’s suggested that you uninstall PushFix until the iPhone Dev Team debuts the official version. Otherwise, your AIM messages may be sent to other unknown users. I’ll keep a close eye on this push notification problem. If you experience the broadcast issue reported by CrunchGear, remember to share it with us by leaving a comment below, and let us know which push application you’re using.