Submitted by Bob Bhatnagar on
Comex's release of in-browser jailbreaking software for the iPhone has revealed a major security hole in all iPhones. Turns out the exploit used to download and install the jailbreak in Mobile Safari could also be used by malicious programmers to install spyware or other data-stealing software on iOS.
By creating a jailbreak procedure that can be performed anywhere (pictured above by 0xcharlie in the Apple Store), Comex has also made it clear that Apple has some security patching work ahead. Whenever a PDF file is accessed from the Safari browser, the PDF is capable of running programs that would normally be prevented from executing.
Apple will likely act to fix the PDF bug to prevent any malicious code from stealing people's contacts or other sensitive information, but the patch would also render the exploit that JailbreakMe uses unusable. Ironically, jailbreaking your iPhone provides access to a browser plug-in called "PDF Loading Warner", which will ask permission before a website opens a PDF document. Users can then choose to continue if they know the PDF file is posted in a safe location, and can be protected from inadvertently installing spyware, trojans, or viruses.
JailbreakMe is currently the only known software taking advantage of the PDF exploit, although security firms are keeping an eye out and researching the matter to catch any other programs that might appear in the wild. F-Secure has reported that during the first stage of the exploit, a corrupted font inside a PDF file crashes the Compact Font Format handler. From there, it's jailbreak city.
Remember, all iPhones are affected, whether they are jailbroken or not. The experts recommend keeping your mobile web browsing to known safe sites until Apple can come up with a security update. iOS 4.1 Beta 2 is already in the hands of developers, but a public release isn't expected until September. Apple sometimes releases interim updates, such as the 4.0.1 update that corrected a signal bar formula.