Apple warned: Patch 'jailbreak' security hole

At the risk of being a killjoy, a computer security firm on Thursday urged Apple Inc. to quickly patch a PDF vulnerability in its mobile devices like iPads and iPhones. Sophos senior technology consultant Graham Cluley said it is possible cybercriminals may set up sites claiming to jailbreak the Apple mobile devices, but which actually plant malware. “I don’t want to be a party pooper for those who wish to jailbreak their Apple devices, but it’s essential that Apple closes this vulnerability as quickly as possible... before it is abused with malicious intent," Cluley said in a blog post. “All eyes now turn to Apple to see how quickly it can secure its users from what could be a vector for iPhone/iPad malware infection. Leaving a security hole like this open is simply inviting malicious hackers to exploit it," he added. He cited the case of JailbreakMe.com, a site that supposedly exploits a PDF vulnerability to unlock iPads and iPhones so they can use apps not authorized by Apple. JailbreakMe.com offers a "reversible" jailbreak for users who decide later on to revert to the "authorized" iOS environment. “(But if malware makers) exploited the same vulnerability in a copy-cat maneuver, cybercriminals could create booby-trapped webpages that could - if visited by an unsuspecting iPhone, iPod Touch or iPad owner - run code on visiting devices," Cluley said. Cluley indicated the JailbreakMe.com site may even work on Apple’s relatively new iPad 2 tablet. “A website like JailBreakMe is making it easy to jailbreak your iPhone or iPad - but it could also be said to be giving a blueprint to malicious hackers on how to infect such devices with malware," he said. On the other hand, he noted “Comex," the creator of the JailBreakMe website, may have recognized that hackers might copy the exploit to use in the form of an iPad or iPhone virus. He cited a note in Comex’s site claiming he or she merely discovered the vulnerabilities. “I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run," Comex said in his/her site. — TJD, GMA News