Apple promises update to patch PDF exploit
Apple has already identified the iPhone security exploit used by the Web-based jailbreak procedure released earlier this week and, according to a statement the company provided to CNet, the company has a software fix ready to go.
The hole reportedly consists of two separate exploits: one that allows a maliciously constructed PDF file to execute code and one that allows that code to burrow its way out of the sandbox that should prevent just such an exploit from having free roam of the rest of the phone’s software.
Apple on Wednesday said it was investigating the reported security vulnerabilities. On Thursday, the company told CNet: “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”
The flaws have sparked concerns from some quarters, with Germany’s Federal Office for Information Security issuing a warning about them.
However, it’s uncertain when Apple will release this software update; in the past, the company has opted to roll security fixes for the Mac OS into its usual software updates, but at the same time the company has been quick to issue security fixes for the iPhone. At last year’s Black Hat security conference, hackers demonstrated an exploit using the phone’s SMS system; Apple patched the flaw the very next day.