Apple's hottest operating system has today come under scrutiny with a potential security exploit revealed which could see a rogue PDF file maintain entire control of Apple's iOS devices including the iPad, iPhone and iPod Touch.
The exploit, which was uncovered following the success of a website-based jailbreak released over the weekend, takes advantage of the way the iOS system, and in particular the Safari web application, loads fonts inside PDF files, and could potentially leave anyone in "full" control of your Apple device -- with granted powers including the ability to delete all your files, install rogue apps which monitor your usage and much more.
It can apparently be broken into two parts, Charlie Miller, a principal analyst at Independent Security Evaluators told CNET. One relates to the way the browser reads and parsers PDF files which in turn allows access to the iOS's 'protective sandbox', while the second hole allows the code to get out of the 'sandbox' and access root control of the device.
At this stage the exploit is not malicious, although hackers could potentially reverse-engineer the hole for their own harmful purposes soon.
Apple has acknowledged the issue, says CNET, but has yet to make a fix available for the problem which affects all every edition of the iOS from 3.2.1 upwards, including the recently released iOS 4. In the meantime, the only way to avoid (but not fix) the problem is to not open any PDF files directly and not loading any untrusted PDF files -- or you can jailbreak your device, and install a "PDF loading warner" application.
26 Comments - Add comment