Apple says iOS update coming to fix new PDF exploitA new browser-based hack that allows users to wirelessly jailbreak their iPhone, iPod touch or iPad has led to fresh concerns over the security of the iOS platform, while Apple has promised that a fix will arrive soon.
The latest version of JailbreakMe.com was released Wednesday by the iOS hacking group Dev-Team. According to the site, users can "just browse to http://www.jailbreakme.com on [their] device and install it from there." The hack resembles an earlier version of JailBreakMe that arrived last year.
But, security researchers worry that the vulnerability could allow hackers to install malware when a user clicks on a malicious PDF.
"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," security expert Charlie Miller said. He notes that this is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a technique developed by the Cupertino-based company to obstruct various attacks.
Apple has responded to the concerns via spokeswoman Trudy Millar, who said: "Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update.
Jailbreaking an iOS device allows the installation of third-party apps outside of the App Store and is often used for carrier unlocks for the iPhone, though the process does void Apples warranty. Last year, the U.S. government declared jailbreaking and unlocking legal, though Apple is not obligated to support modified devices.
Those who are currently running jailbroken devices can fix the flaw by downloading the latest PDF Patcher 2 software released by the Dev-Team on the Cydia store for unsanctioned apps, while those with non-jailbroken devices will have to wait for Apple to release a fix. Last year, it took Apple nine days to release an update that solved the PDF exploit.