Apple Has A Fix For iOS Web-Based Jailbreak

On Wednesday, it was noted that Apple was aware and investigating the vulnerability in mobile Safari that has allowed users to easily jailbreak their iDevice.

The security hole, which exploits a flaw in mobile Safari, allows a remote site to gain control over a user’s device. In the case of the new JailbreakMe website, the exploit is offering a convenient jailbreaking delivery for users.

Now, CNET is reporting that Apple has developed a software fix for the iOS security hole and that the fix will be released in an upcoming iOS update.

On Wednesday an Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”

At this time, Apple has declined to say when the iOS update would be available and whether the update would be a 4.0.2 release or the full 4.1 firmware.

One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

As previously noted, while the exploit gives users a great and fast method of jailbreaking, the vulnerability does open mobile Safari to the execution of malicious code.

For users that want to keep their jailbreak, simply ignore the update when it is released. On the other hand, if you do update, your iDevice will lose its jailbroken status.

[CNET]