updated 09:35 am EDT, Thu July 7, 2011
Apple confirms work on fixing PDF security hole
Apple on Thursday said it was working on a fix for an exploit in how it handles PDF files. The promise was a response to a German Federal Office for Information Security warning that the hole could let a hacker or hostile web code get root-level control to hijack the phone or spy on personal info. The company was adamant it "takes security very seriously" and had a solution, though it didn't say when.
"We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," Apple said.
In the interim, the German officials suggested device owners should avoid opening PDF files from sources they didn't already know.
The fix is likely to temporarily frustrate jailbreakers. A recent revival of JailbreakMe depends on the PDF hole to de-restrict iOS using solely the web and a reboot. Future security hole discoveries are likely to reopen access in the short term.
Jailbreaking, commonly described as rooting on Android devices, has always carried inherent risks by its very nature. The technique gives apps full permission to run without even basic controls. While it allows much more flexibility in apps, it also lets viruses and other code run without warnings. The only malware to ever infect iOS devices in the wild has targeted jailbroken iPhones where a regular device had safeguards that stopped it.