(Update: Apple has released iOS 4.0.2 for iPhone /iPad and iOS 3.2.2 for iPad. More info is here) Yesterday Apple said that it was investigating the issue “PDF Exploit” which could potentially allow softwares to gain un-permitted access to idevices. In JailbreakMe 2.0 same exploit was used to jailbreak iOS 4.0, iOS 4.0.1 and iOS 3.2.1 on iDevices.
But today Apple released a statement saying it has found the solution to fix this problem in the upcoming firmware update. Though Apple didn’t mention anything about the version number of this next update, but it might be iOS 4.1, which is being tested by registered Apple developers, or a quick iOS 4.0.2 update .
“We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update ” an Apple spokesperson told CNET.
In fact the current iOS 4.0.1/iOS 4.0 contains two security exploits which are used by the current browser-based jailbreak released last weekend.
One of the exploits utilizes the methods that Safari uses to read and parse PDF files to gain access to the ‘protective sandbox’, while the second hole allows the code to get out of the ‘sandbox’ and access root control privileges for the device — potentially allowing hackers the ability to install rogue apps that could monitor user actions.
If you are curious about your security and privacy, you can fix this issue before Apple releases fixed iOS. You can follow the instructions posted here to fix “PDF Exploit” manually or install a simple app available in Cydia for jailbroken iPhones which will warn you before the download of a PDF file.
If you have already protected your iPhone from this exploit, share with other readers in the comments below.
