Drive-by iOS jailbreak sparks security concerns

  • The recently launched JailBreakMe website allows users to easily crack a variety of mobile Apple devices. However, the drive-by patch has also sparked serious concern amongst numerous security researchers.

    For example, Graham Cluely of Sophos warns that JailBreakMe is not just a headache for Apple, but likely portends future attacks by malicious elements.

    "Previously, jailbreaking has required users to connect their device to a computer before they can start to tamper with the set-up of their iPhone or iPad and gain access to the Cydia underground app store.

    "The drive-by jailbreak is possible because the website exploits a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files - specifically its handling of fonts."

    "[So], if simply visiting a website with your iPhone can cause it to be jailbroken - just imagine what else could hackers do by exploiting this vulnerability? 



    "[Clearly], Cybercriminals would be able to create booby-trapped webpages that could - if visited by an unsuspecting iPhone, iPod Touch or iPad owner - run code on visiting devices without the user's permission."

    Meanwhile, the German government has issued an official warning over "two critical weak [iOS] points for which no patch exists."

    According to the Federal Office for Information Security, a manipulated website or PDF file could allow cybercriminals to spy on passwords, planners and emails.

    As such, the Office recommends users avoid opening untrusted PDF files and websites.

Related Stories

Going Global In a Fast Paced World

How to choose the right tyres for winter

New Industry Ideas