With the availability of the Comex-created JailbreakMe app which gets rid of restrictions on the iPhone, iPad and iPod Touch imposed by Apple for security and legal reasons, a Pandora’s Box has perhaps been opened. Though Apple now says that it has a security patch ‘in place’ to tackle the potential problem, this may not be the end of the story.
The hack itself, which exploits the iOS Safari web browser, may not be a security threat to your Apple device, but the implications are pretty bad. Just as you can jailbreak your device by downloading a PDF file that hides the exploit code, attackers can use the same all-too-apparent soft spot in the OS to wreak havoc.
The problem is reported to lie with the way the Safari browser downloads PDF files, so any malicious code in a PDF file can harm you and your device immensely. Apple has now released a statement that it has ‘already developed a fix’ and that it will be available to users in the next software update.
But as experts have pointed out, the problem is not just the way the browser parses PDF files, which gets the code running inside a protective sandbox. There is also a second loophole that allows the code to get out of the sandbox and obtain root control over whichever Apple device you may be using.
The combination of these two actions is what allows the jailbreak to be successful, but the same could also play into the hands of hackers wanting your private data. So, the patch will only work if it addresses both problems.
The threat level attached to this iOS exploit is so high that the German authorities have issued a public warning in this regard!
But many iPhone users say that even when the iPhone is jailbroken it is not at risk, because Cydia has something called a ‘PDF Loading Warner’ which alerts you before any PDF file is loaded on Safari. So if you are not sure of the reliability of the source of the file, cancel the action and breathe easy!
Even if this is useful, the security patch from Apple should be better protection against potential hack attempts.