The first successful jailbreak of the iPhone 4 is based on a serious security vulnerability in mobile Safari, researchers have found.
Security expert Charlie Miller described the JailbreakMe hack — which requires nothing more than a single swipe of an iPhone’s screen — as “very beautiful work” but very worrying.
“Scary how it totally defeats apple’s security architecture,” he wrote on Twitter.
Scary because the same vulnerability could be exploited by any PDF, an iPhone is vulnerable to any code contained in a PDF — such as the code used by JailbreakMe.
Until Apple releases a fix, all a user can do is try to avoid loading PDF files and ensure that you backup regularly via iTunes so the phone can be restored in the event of a security breach.
Ironically, users who have jailbroken their phones, can install a utility that displays a warning — and an option to cancel — before allowing a PDF to be displayed.
