A serious security flaw that allows hackers to remotely commandeer iPhones, iPads and iPod Touches should eventually have a fix, says Apple. The company acknowledged it was working to close the security hole Thursday, but would only say to expect the fix in a forthcoming software update.
The flaw, which came to light on Wednesday this week, involves deploying infected PDF files to take control of a user’s phone or tablet. And here’s the twist: the security hole was exposed by freely downloadable software called “JailbreakMe,” used to unlock iOS-based devices.
(PHOTOS: The Movies’ Most Evil Computer Villains)
“JailbreakMe is the easiest way to free your device,” reads a note on the JailbreakMe.com website. “Experience iOS as it could be, fully customizable, themeable, and with every tweak you could possibly imagine.”
The site claims the software is “completely reversible” by performing an iTunes restore, and that “jailbreaking gives you control over the device you own.” People who jailbreak their iOS devices typically do so to run apps Apple hasn’t approved, or to use the iPhone with unauthorized carriers.
But the software also exposes flaws in Apple’s iOS—in this case, one where users who open infected PDF files could hand off administrative rights to hackers or cyber-criminals.
“I did not create the vulnerabilities, only discover them,” reads part of a FAQ on JailbreakMe.com. “Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.”
Apple’s known for publicly ignoring flaws in its hardware and software, then quietly releasing fixes, but in this instance they’re speaking up: “Apple takes security very seriously, we’re aware of this reported issue and developing a fix that will be available to customers in an upcoming software update,” it said in a statement.
For those keeping score, Apple claimed jailbreaking was illegal back in 2009, but the U.S. Copyright office ruled in mid-2010 that bypassing a manufacturer’s protection measures to run “lawfully obtained” software applications was, in fact, permissible.