While JailbreakMe is one of the simplest jailbreaking solutions yet, it goes about its dirty work by exploiting a dangerous flaw in the way Mobile Safari handles PDFs and embedded fonts. The same exploit that is making it convenient today for thousands of iOS device owners to jailbreak their machines could be used tomorrow to totally compromise them and install malevolent code upon their devices.
Needless to say, Apple’s going to be closing this security hole, stat, and now Reuters is reporting that Apple is “investigating” the issue, although there’s no timetable for a fix yet.
The Dev Team must have been conflicted about this jailbreak. On one hand, they were able to allow any device running iOS 3.2 or higher to jailbreak just by visiting a simple website, but in doing so, they were revealing a very dangerous exploit that is now in the wild, just waiting to be adopted and easily deployed against unsuspecting web users. Furthermore, the nature of this exploit makes a quick response by Apple inevitable: this jailbreak solution may go down as the most quickly neutralized on record.
It’s also got to be a nightmare for Apple. Counterintuitively, the only way right now to “close” the security hole inherent in all iOS devices is to jailbreak your phone, then install the PDF Loading Warner from Cydia. Jailbroken phones might actually be more secure right now than unjailbroken ones. Apple needs to fix that, as quickly as possible.
