According to US media reports, Apple already has a fix for the 'JailbreakMe' security issue, which it plans to distribute as part of a forthcoming update. However, the company remains coy about when exactly this will happen. It can only be hoped that it will be soon, as it's without doubt the biggest threat to iPhone users since the device was released. It is also unclear whether Apple is going to fix both vulnerabilities or just one. On Wednesday of this week the German Federal Office for Information Security (BSI) warned (German language link) of the potential for attacks.
The vulnerabilities relate to a bug in processing Compact Font Format (CFF) data embedded in PDF files and to a kernel vulnerability. The CFF vulnerability can be exploited to inject and execute code on an iPhone using crafted PDF files. This appears to be how the JailbreakMe exploit is able to outwit the iPhone's data execution prevention functionality. The exploit then uses the kernel vulnerability to break out of the sandbox and run on the iPhone with elevated privileges, allowing it to unlock the device.
To date, the JailbreakMe exploit is alone in utilising the vulnerabilities: when the JailbreakMe website is opened in Safari, it serves a PDF file tailored to the user's iPhone version. However, other apps can also be used to open PDFs, and other web sites that utilise the exploit to infect the phone with malware rather than just unlocking it may be on the horizon.
Security specialists are currently having a hard time publishing further information on the vulnerabilities, partly because the exploit is equipped with protective measures to hinder debugging and analysis. As a result no malicious exploits have been seen to date. Users should, however, be careful what links they follow and what sites they visit in Safari.
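One defensive check that follows from the mechanism described above: a triage scanner that flags PDFs embedding CFF font programs (the /FontFile3 route into the CFF parser) so such files can be held for inspection before they reach a vulnerable viewer. This is an added Python example, not code from the article, from Apple or from the exploit's authors; the sample PDF is constructed and benign, and the header check is a heuristic rather than a full PDF or CFF parser.

```python
import re
import zlib

# FontFile3 subtypes that carry CFF font programs (PDF 1.7 spec, table 127).
CFF_SUBTYPES = (b"/Type1C", b"/CIDFontType0C", b"/OpenType")
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"<<(.*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def looks_like_cff(data):
    """CFF header: major version 1, minor 0, hdrSize >= 4, offSize in 1..4."""
    return (len(data) >= 4 and data[0] == 1 and data[1] == 0
            and data[2] >= 4 and 1 <= data[3] <= 4)

def find_embedded_cff(pdf_bytes):
    """Heuristic triage, not a full PDF parser: report every stream object whose
    dictionary declares a CFF-bearing subtype, so the file can be inspected further."""
    findings = []
    for objnum, body in OBJ_RE.findall(pdf_bytes):
        match = STREAM_RE.search(body)
        if not match:
            continue
        dictionary, raw = match.groups()
        subtype = next((s for s in CFF_SUBTYPES if s in dictionary), None)
        if subtype is None:
            continue
        data = raw
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                data = b""  # undecodable stream: still reported, header check fails
        findings.append({
            "object": int(objnum),
            "subtype": subtype.decode(),
            "cff_header": looks_like_cff(data),
            "referenced_by_fontfile3": (b"/FontFile3 " + objnum + b" 0 R") in pdf_bytes,
        })
    return findings

def build_sample_pdf():
    """Constructed, benign sample: a FontDescriptor pointing at a Flate-compressed CFF stream."""
    cff = bytes([1, 0, 4, 1]) + b"\x00" * 12  # plausible CFF header plus padding, no real glyphs
    body = zlib.compress(cff)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /FontDescriptor /FontName /Demo /FontFile3 2 0 R >> endobj\n"
            b"2 0 obj << /Subtype /Type1C /Filter /FlateDecode /Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body + b"\nendstream\nendobj\n"
            b"3 0 obj << /Subtype /Image /Length 6 >>\nstream\npixels\nendstream\nendobj\n"
            b"%%EOF\n")
```

Running `find_embedded_cff(build_sample_pdf())` reports object 2 only: the image stream in object 3 is skipped, and the finding records that a FontDescriptor actually references the CFF stream, which is the combination worth a closer look in a mail gateway or download scanner.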
Awesome, so Apple has a fix for the exploits used to jailbreak the iPhone...but what about the new Quicktime SMIL Zero-day that basically affects all Windows users?
This guy has it right......
"So I guess we won't hear anything from Apple until they (hopefully) release a fixed version in a couple of months. I don't see how that protects the customers..."