Hackers patch PDF exploit on older, jailbroken iOS devices
Earlier this week, Apple released iOS 4.0.2 for the iPhone 3G, iPhone 3GS, iPhone 4, and second- and third-generation iPod touch models, addressing a dangerous security flaw that could allow a hacker to take remote control of a device. It also released iOS 3.2.2, packing the same fix the iPad and iPad 3G.
But users of the first-generation iPhone and iPod touch do not have access to an official software update from Apple that will fix the PDF exploit. For them, the latest compatible version of iOS is 3.1.3.
A hacker who goes by the handle "Saurik," who also maintains the alternative storefront Cydia, released a PDF patch this week that addresses the exploit for all devices and all firmware versions, dating back to iOS 2.x.
"Since the only reason for 4.0.2 was to fix the security holes, and since the upcoming Cydia package will fix them too (and then some!), everybody should sit tight on 4.0.1 (or lower) and install the Cydia package as soon as itâs out," the iPhone Dev-Team wrote on its official blog. "Jailbreakers can have their cake and eat it too."
Ironically, those same hackers relied on the very same exploit to create a browser-based jailbreak for iOS devices, including the iPhone and iPad.
Jailbreaking allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications — many free, and some for purchase from an alternative storefront known as Cydia.
Though it can void Apple's product warranty, the process is legal, as the U.S. Library of Congress officially declared last month. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.
Jailbreaking also allows users to pirate App Store software, one reason Apple has been opposed to the practice.