Apple to fix iOS 4 PDF Security Flaw with next Software Update



Just a few days ago, iPhone Dev Team released the latest jailbreak for iPhone using which you can jailbreak your iOS device just by visiting Jailbreakme.com using Mobile Safari. The jailbreak is possible because iOS 4 has a security flaw in the way it loads PDF files from web. Cnet reports that Apple has developed the fix for the security flaw in iOS 4 which enables the web-based jailbreak and the fix will be deployed in an upcoming software update.

HOWTOFixThePDFExploitAfterJailbreakingWithJailbreakMe_thumb

Apple spokeswoman said in a statement on Wednesday,

We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.


Apple hasĀ  declined to say when the update would come. Apple also reported yesterday that they are investigating this issue which has actually two flaws and if these flaws are fixed, then the jailbreak would not be possible through mobile safari.

There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software’s release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

Also because of this security flaw, the German government has officially issued a warning to the citizens about it and they are further investigating it.

Some would think these vulnerabilities can easily be exploited to jailbreak your iOS devices but it could also easily be used as an entry point to execute malicious code on your device.

[via Cnet]

I am a student of computer science. My interests are software development and blogging. Been blogging since a year now. I mostly cover Apple news.