Apple To Fix iOS PDF Bug, Close JailbreakMe Hole
The latest incarnation of JailbreakMe.com recently went live, offering iPhone, iPad, and iPod touch users a dead-simple way to gain full access to their hardware. Near-simultaneously, Germany’s Federal Office for Information Security warned Apple about an iOS vulnerability in its handling of PDF files, creating a serious security hole. If any of this sounds familiar to you, it should, because nearly the same saga played out last summer. This time, it looks like it will conclude in a similar fashion, with Apple releasing an update that fixes the vulnerability and stops the jailbreak.
The issue at the core of this is that, without a legit way for users to jailbreak their smartphones, the tools that do so rely on iOS exploits to escalate their privileges and modify system files. The JailbreakMe website relies on an exploit in PDF parsing in order to hijack the system and do its business; problem is, there’s nothing stopping someone from creating a website that maliciously hosts a file using that same exploit in order to reek havoc on your phone.
After the warning from Germany, Apple announced it was working on an update to correct the bug. As a consequence, JailbreakMe.com will no longer function after the vulnerability is patched. Look for Apple’s solution to arrive within the next week or so.