Printed from http://www.electronista.com

Apple to patch PDF exploit in iOS, stop JailBreakMe for now

updated 09:35 am EDT, Thu July 7, 2011

Apple confirms work on fixing PDF security hole

Apple on Thursday said it was working on a fix for an exploit in how it handles PDF files. The promise was a response to a German Federal Office for Information Security warning that the hole could let a hacker or hostile web code get root-level control to hijack the phone or spy on personal info. The company was adamant it "takes security very seriously" and had a solution, though it didn't say when.

"We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," Apple said.

In the interim, the German officials suggested device owners should avoid opening PDF files from sources they didn't already know.

The fix is likely to temporarily frustrate jailbreakers. A recent revival of JailbreakMe depends on the PDF hole to de-restrict iOS using solely the web and a reboot. Future security hole discoveries are likely to reopen access in the short term.

Jailbreaking, commonly described as rooting on Android devices, has always carried inherent risks by its very nature. The technique gives apps full permission to run without even basic controls. While it allows much more flexibility in apps, it also lets viruses and other code run without warnings. The only malware to ever infect iOS devices in the wild has targeted jailbroken iPhones where a regular device had safeguards that stopped it.



By Electronista Staff
toggle

Comments

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2

    nice

    Glad to see Apple still has all sorts of security issues with PDF viewing.

    And please remember that this is yet another security hole in the iOS that would allow someone to gain root access to the device by just having the user open a specially crafted PDF file.

  1. Tjp

    Fresh-Faced Recruit

    Joined: Jan 2010

    +1

    It's already out

    Comex published the fix the day after the exploit was officially published. For the most part the jailbreak community is very security conscious and has all manner of suggestions to make your device more secure, all the while of course violating the built in security first to jailbreak it. I personally believe that if AT&T and other carriers unlocked the phones at the end of the contract (by time or being bought out) then 90% of the jailbreakers would lose the motive to jailbreak the phones. At 10% the community would be hard pressed to survive. So the best tactic Apple and the carriers could take is to unlock the phones (worldwide, as some of you folks already can officially) after the end of the contract. Apple could even do it automatically. No original iPhone should be on contract now. Just unlock it next sync. Most 3G phones (all in the US) are off contract now. Do the same. And so on. Then allow folks with a 3GS that is not under contract to unlock, and some 4s are not under contract either (bought out by early termination). Apple checks the database periodically when you buy a phone (if you're upgrade eligible) so just add if a IMEI is in the carrier database as subsidized still. If not unlock it. They can cache the database locally (at Apple, not your machine) for each carrier so it is not a burden to the carrier. Apple already does significant checks each sync if you are networked.

    But back to the original point. Unlocked phones are least likely to be jailbroken. Developer accounts for $99 can allow any other software to be added safely to the phone in the sandboxed app environment. Maybe enable loading your own connected device possible on the free developer sdk version and poof, no need at all to jailbreak. The people who jailbreak can run a script more easily to drive the developer tools to load an app.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Logitech Hyperion Fury mouse

Selecting the correct gaming mouse comes down to finding a device that balances the needs of a user with a price they can afford. Ofte ...

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in mi ...

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Sponsor

toggle

Most Commented

 
toggle

Popular News