Gregg Keizer reports:
Amid a warning by German authorities of possible malicious use of a critical iPhone exploit, Apple said it has a fix ready and will deliver it in the next smartphone update.
The exploit first surfaced Sunday, when it was used to “jailbreak” any device running Apple’s iOS mobile operating system. “Jailbreak” is the term that describes the practice of hacking an iPhone to install apps not authorized by Apple.
BSI said that successful attacks could give hackers access to any data on the device, including passwords, e-mails, sent and received text messages, and contacts. The attacks could also let others control the iPhone’s camera(s), listen in to phone calls and pinpoint the user’s location.
According to security researchers, JailbreakMe — the software that hacks, or “jailbreaks,” iOS 4 — uses a flaw in mobile Safari’s parsing of fonts in PDF documents to compromise the browser, then exploits a second vulnerability that breaks out of the isolating “sandbox” and gains full, or “root,” control of the device.
Read more on Computerworld.