iPhone security

Apple has already developed a patch for the iOS 4 Mobile Safari exploit revealed by JailbreakMe. The security hole affects all iPhones, whether they are jailbroken or not. Malicious code could possibly take over the iPhone and steal personal information by taking advantage of weaknesses in the PDF display code built into Safari.

Currently, the only known software to take advantage of the exploit is the JailbreakMe 2.0 application, which loads itself into the iPhone via Safari and jailbreaks the device. The procedure has been described as brilliant and also scary by security experts who have been studying the inner workings of the code.

Comex's release of in-browser jailbreaking software for the iPhone has revealed a major security hole in all iPhones. Turns out the exploit used to download and install the jailbreak in Mobile Safari could also be used by malicious programmers to install spyware or other data-stealing software on iOS.

By creating a jailbreak procedure that can be performed anywhere (pictured above by 0xcharlie in the Apple Store) Comex has also made it clear that Apple has some security patching work ahead. What happens is that anytime a PDF file is accessed from the Safari browser, the PDF is capable of running programs that would normally be prevented from execution.

Users with jailbroken iPhones are not the only ones that need to worry about security threats. According to iPhone developer Nicolas Seriot personal data on all iPhones is easily accessible with standard Application Programming Interfaces (APIs).

Malicious code could easily be sneaked into the AppStore past Apple's reviewers. SpyPhone, a proof-of-concept application, shows that personal data such as Contacts can be easily compromised.