Apple Investigating iOS Vulnerability Allowing Web-Based Jailbreak
Over the weekend, a new Web-based jailbreak became available for iOS devices, offering users a simple method to open their devices to installation of unauthorized third-party applications.
At the time, we noted potential security implications of the method, which involves a security hole in how the mobile Safari browser included on all iOS devices handles embedded fonts. Exploiting the hole allows a remote site to gain control over a user's device. In the case of the new JailbreakMe site, the exploit is offering a convenient delivery method for a service, but others could use the same method for malicious purposes.
Reuters reports that it has received an official response from Apple on the issue, which notes only that it is investigating the security hole.
Company spokeswoman Natalie Harrison said the company was aware of the report.
"We're investigating," she said.
There is no word yet on a timetable for a fix. While many users are no doubt appreciative of the simple jailbreak method, Apple will certainly want to close the security hole as quickly as possible to both prevent malicious exploitation of it and to thwart the simple jailbreak process, a system modification frowned upon by the company.