AAPL Stock: 112.12 ( + 2.62 )

Printed from

Apple to patch PDF exploit in iOS, stop JailBreakMe for now

updated 09:35 am EDT, Thu July 7, 2011

Apple confirms work on fixing PDF security hole

Apple on Thursday said it was working on a fix for an exploit in how it handles PDF files. The promise was a response to a German Federal Office for Information Security warning that the hole could let a hacker or hostile web code get root-level control to hijack the phone or spy on personal info. The company was adamant it "takes security very seriously" and had a solution, though it didn't say when.

"We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," Apple said.

In the interim, the German officials suggested device owners should avoid opening PDF files from sources they didn't already know.

The fix is likely to temporarily frustrate jailbreakers. A recent revival of JailbreakMe depends on the PDF hole to de-restrict iOS using solely the web and a reboot. Future security hole discoveries are likely to reopen access in the short term.

Jailbreaking, commonly described as rooting on Android devices, has always carried inherent risks by its very nature. The technique gives apps full permission to run without even basic controls. While it allows much more flexibility in apps, it also lets viruses and other code run without warnings. The only malware to ever infect iOS devices in the wild has targeted jailbroken iPhones where a regular device had safeguards that stopped it.

by MacNN Staff



  1. testudo

    Joined: Dec 1969



    Glad to see Apple still has all sorts of security issues with PDF viewing.

    And please remember that this is yet another security hole in the iOS that would allow someone to gain root access to the device by just having the user open a specially crafted PDF file.

  1. Tjp

    Joined: Dec 1969


    It's already out

    Comex published the fix the day after the exploit was officially published. For the most part the jailbreak community is very security conscious and has all manner of suggestions to make your device more secure, all the while of course violating the built in security first to jailbreak it. I personally believe that if AT&T and other carriers unlocked the phones at the end of the contract (by time or being bought out) then 90% of the jailbreakers would lose the motive to jailbreak the phones. At 10% the community would be hard pressed to survive. So the best tactic Apple and the carriers could take is to unlock the phones (worldwide, as some of you folks already can officially) after the end of the contract. Apple could even do it automatically. No original iPhone should be on contract now. Just unlock it next sync. Most 3G phones (all in the US) are off contract now. Do the same. And so on. Then allow folks with a 3GS that is not under contract to unlock, and some 4s are not under contract either (bought out by early termination). Apple checks the database periodically when you buy a phone (if you're upgrade eligible) so just add if a IMEI is in the carrier database as subsidized still. If not unlock it. They can cache the database locally (at Apple, not your machine) for each carrier so it is not a burden to the carrier. Apple already does significant checks each sync if you are networked.

    But back to the original point. Unlocked phones are least likely to be jailbroken. Developer accounts for $99 can allow any other software to be added safely to the phone in the sandboxed app environment. Maybe enable loading your own connected device possible on the free developer sdk version and poof, no need at all to jailbreak. The people who jailbreak can run a script more easily to drive the developer tools to load an app.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented