Apple announced last week that it was working on a fix to a recently-disclosed vulnerability in iOS, one that allowed malcrafted PDFs to remotely execute code. While we hadn’t seen any instances of the attack vector being used with malicious intent, Apple obviously couldn’t leave such a gaping hole open, and has been scrambling to put together and test a fix for the bug. That fix is now here, in the form of iOS 4.3.4 (4.2.9 for Verizon).
If all this sounds good, you must not be interested in jailbreaking your iPhone, because this PDF vulnerability is what allowed the most recent incarnation of the JailbreakMe.com website to give visitors an easy-to-use tool to quickly jailbreak their iOS devices. With the PDF problem corrected, that convenient vector is no longer exploitable.
Without a legit way to jailbreak your iPhone, don’t expect this sort of cat-and-mouse game to ever stop. Due to the nature of how jailbreaks must side-step iOS security, they rely on exploits the same as malware does. Is Apple just shooting itself in the foot by forcing hackers to keep looking for new exploits? Maybe, but what choice does it have if it wishes to maintain the same level of control over iOS?