No sooner does JailbreakMe.com come back online—enabling iOS device users to jailbreak their devices just by clicking a link—than security alerts start flying. Germany’s Federal Office for Information Security has issued a security warning to consumers (German), warning users to avoid opening PDF files on Web sites or as email attachments unless users are sure the documents come from a trusted source. Although the JailbreakMe.com exploit enables users to jailbreak their devices—which is legal, by the way—the same technique could be used to deliver malicious software to an iOS device.
So far, Germany’s Federal Office for Information Security has not observed any attacks in the wild based on the PDF exploit.
An Apple spokesperson told Cnet that the company is working on a fix to be distributed in a software update; however, Apple has not outlined any timeframe for patching the loophole.
The JailbreakMe developers have released PDF Patcher 2, an update that fixes the primary vulnerability. However, PDF Patcher 2 can only be applied to jailbroken iOS devices. Jailbreaking an iOS device voids the warranty, and Apple has always strongly discouraged customers from doing so.
In August 2010, the JailbreakMe developers released a similar jailbreak technique based on a PDF exploit; Apple updated iOS to patch the security hole in about a week.
Germany’s decision to issue a consumer alert over the PDF exploit highlights how important mobile technology has become, both to consumers and to public agencies charged with monitoring consumer and public safety. Where software security alerts used to be the stuff of obscure, geeky mailing lists and a relatively small community of computer security professionals, it seems we’re entering an era where security issues in mobile operating systems are akin to consumer alerts over faulty automobiles, dangerous children’s toys, and exploding batteries.