Apple Completes iPhone Browser Security Fix

Apple has already developed a patch for the iOS 4 Mobile Safari exploit revealed by JailbreakMe. The security hole affects all iPhones, whether they are jailbroken or not. Malicious code could possibly take over the iPhone and steal personal information by taking advantage of weaknesses in the PDF display code built into Safari.

Currently, the only known software to take advantage of the exploit is the JailbreakMe 2.0 application, which loads itself into the iPhone via Safari and jailbreaks the device. The procedure has been described as brilliant and also scary by security experts who have been studying the inner workings of the code.

The latest jailbreak solution took the world by storm last week, and JailbreakMe servers couldn't even handle the heavy traffic because there was so much demand. A few days later, the Dev-Team also released a new iOS 4 compatible version of ultrasn0w, which makes it possible to unlock the iPhone for use on different cellular carriers.

CNET reported Apple's statement on the matter, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

Apple moved quickly to fix the PDF problem, however there's no word on when the company will release the fix. Not only will it plug the security hole for everyone who installs the update, the fix will render JailbreakMe 2.0 obsolete. Apple is expected to release iOS 4.1 in September, and has already released iOS 4.0.1 to fix a signal bar issue. It's possible Apple will act quickly to release iOS 4.0.2 and quash the easy jailbreaking.

Jailbreaking was recently declared legal in the US, but Apple insists that jailbreaking will void your iPhone warranty and lead to security vulnerabilities. In another twist, developers have posted PDF Loading Warner, a jailbreak app available on Cydia that asks permission before loading a PDF. This protects your iPhone from the exploit by allowing users to refuse a PDF file when the source is unknown.