While the new iPhone 4 jailbreak is relatively easy to perform and can get users up and running in no time to add new features and functions to their iPhone, the process does expose a security vulnerability that would make it easy for thieves and malicious hackers to steal your messages, phone book, and other items. Even if you’re not on an iPhone, you’re not safe as your friends who have a jailbroken iPhone with your information on it can leave your information vulnerable.
According to BGR, the exploit works by taking advantage of the PDF viewing capabilities:
This is done through the jailbreakme PDF exploit. Under this method, it would be possible to steal your address book, text message database, or much worse. There is going to be a security solution soon though, as BGR has been informed that a plugin named PDF Loading Warner” has been created to combat this potential security risk. It works by hooking into the device system and will display a warning before a PDF can be displayed. If you install this plugin and navigate to a website that should not be showing a PDF and get this warning, you are able to click “Cancel”, blocking the PDF from loading and subsequently stealing your data.
The forthcoming patch does not patch up the vulnerability in iOS 4, but rather give users more control, much like how desktop operating systems now ask if you want to run an executable program.