AAPL Stock: 117.81 ( -0.22 )

Printed from

Apple to patch PDF exploit in iOS, stop JailBreakMe for now

updated 09:35 am EDT, Thu July 7, 2011

Apple confirms work on fixing PDF security hole

Apple on Thursday said it was working on a fix for an exploit in how it handles PDF files. The promise was a response to a German Federal Office for Information Security warning that the hole could let a hacker or hostile web code get root-level control to hijack the phone or spy on personal info. The company was adamant it "takes security very seriously" and had a solution, though it didn't say when.

"We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," Apple said.

In the interim, the German officials suggested device owners should avoid opening PDF files from sources they didn't already know.

The fix is likely to temporarily frustrate jailbreakers. A recent revival of JailbreakMe depends on the PDF hole to de-restrict iOS using solely the web and a reboot. Future security hole discoveries are likely to reopen access in the short term.

Jailbreaking, commonly described as rooting on Android devices, has always carried inherent risks by its very nature. The technique gives apps full permission to run without even basic controls. While it allows much more flexibility in apps, it also lets viruses and other code run without warnings. The only malware to ever infect iOS devices in the wild has targeted jailbroken iPhones where a regular device had safeguards that stopped it.

by MacNN Staff



  1. testudo

    Joined: Dec 1969



    Glad to see Apple still has all sorts of security issues with PDF viewing.

    And please remember that this is yet another security hole in the iOS that would allow someone to gain root access to the device by just having the user open a specially crafted PDF file.

  1. Tjp

    Joined: Dec 1969


    It's already out

    Comex published the fix the day after the exploit was officially published. For the most part the jailbreak community is very security conscious and has all manner of suggestions to make your device more secure, all the while of course violating the built in security first to jailbreak it. I personally believe that if AT&T and other carriers unlocked the phones at the end of the contract (by time or being bought out) then 90% of the jailbreakers would lose the motive to jailbreak the phones. At 10% the community would be hard pressed to survive. So the best tactic Apple and the carriers could take is to unlock the phones (worldwide, as some of you folks already can officially) after the end of the contract. Apple could even do it automatically. No original iPhone should be on contract now. Just unlock it next sync. Most 3G phones (all in the US) are off contract now. Do the same. And so on. Then allow folks with a 3GS that is not under contract to unlock, and some 4s are not under contract either (bought out by early termination). Apple checks the database periodically when you buy a phone (if you're upgrade eligible) so just add if a IMEI is in the carrier database as subsidized still. If not unlock it. They can cache the database locally (at Apple, not your machine) for each carrier so it is not a burden to the carrier. Apple already does significant checks each sync if you are networked.

    But back to the original point. Unlocked phones are least likely to be jailbroken. Developer accounts for $99 can allow any other software to be added safely to the phone in the sandboxed app environment. Maybe enable loading your own connected device possible on the free developer sdk version and poof, no need at all to jailbreak. The people who jailbreak can run a script more easily to drive the developer tools to load an app.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented