Recently, Apple released a security patch for iOS that fixes vulnerability associated with viewing malicious PDF files. That’s the same one used by JailbreakMe.com, a website re-launched earlier this month, that allow users to jailbreak iPhone 4 without using a computer or any special software, giving iPhone owners the possibility to install third-party software and make low-level system changes.
“The Jailbreakme.com exploit downloads a payload to jailbreak the iPhone, but it could be changed to deliver a malicious payload,” said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.
Until now, only jailbreakers were safe from that risk. However, JailbreakMe.com released their own patch for the PDF vulnerability used by the latest JailbreakMe 3 tool called PDF Patch 2, covering their tracks and preventing future attacks of jailbroken iPhones that exploited the same bug. The patch isn’t available in the app store, however, non-jailbroken iPhones remained vulnerable.
However, this is not the first time for JailbreakMe.com. In August an old version of JailbreakMe jailbreak tool exploited the way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.