This week a new web-based jailbreak tool was released which allows you to jailbreak all sorts of iDevices just by visiting a web page and swiping your finger across a screen. It makes installing iPhone apps that haven’t been approved by Apple extraordinarily easy. But if you’ve been wondering just how a web site can install code on your system, here’s the dirty little secret: JailbreakMe uses an exploit — and other web sites could theoretically do the same thing for more nefarious purposes.
Basically, the developers behind JailbreakMe figured out a way to insert some funky code into a PDF file. When the mobile Safari web browser on the iPhone, iPod touch, and iPad attempts to open the PDF, it installs code on your mobile device. Kind of scary, no?
While it’s likely that Apple will release an update that prevents this kind of thing from working in the future, the company hasn’t issued any security updates yet. But there’s an unofficial app called PDF Loading Warner which will display a pop up message any time your device is going to open a PDF file. That way if you visit a web site without realizing that it wants to load a PDF, you can make an informed decision before clicking the load button.
The irony? PDF Loading Warner is only available for jailbroken devices. You can grab it from the Cydia store.
Update: Apple says it’s ready to patch the security hole, but hasn’t yet said when the update will be made available to the public.
via Download Squad