A flaw in Apple's iOS that allows iPhones, iPods and iPads to be jailbroken via the Safari web browser is to be fixed.
According to tech news site CNET, an Apple spokesperson said, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."
While jailbreaking allows a level of customisability and the potential to run third-party apps not endorsed by Apple, Mac security specialists Intego and others have claimed the flaw leaves Apple device owners particularly open to attack.
"Visiting a web site set up to perform this jailbreak operation will lead to the download of a PDF file, which contains code that exploits this vulnerability," Intego noted on a blog post this week. "While this can be used to jailbreak a phone, it could also be used to compromise iOS devices. With a slight modification, this process could occur without any user notification or intervention." The browser-based jailbreak applies to any Apple device running iOS versions 3.1.2 to 4.0.1.
Intego continues: "The corrupted PDF file (there is one file per iOS version and hardware model; there are a total of 19 different files) is embedded into a web page in an IFRAME so Safari will display it automatically without any user interaction. The PDF file contains an embedded Type1c font that is corrupted and that contains exploit code necessary to download the jailbreak code. (This can also contain other malicious code.) This code is then executed in the kernel space through an IOSurface (IOKit) memory allocation bug, obtaining root privileges and bypassing code signing protection and sandboxing."
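The two structural features Intego describes, a PDF pulled in through an IFRAME and a Type1C font embedded in that PDF via a /FontFile3 stream, are both visible in the raw bytes, so a defender can triage captured web content for them. The following is an added example written for this page, not code from the article or from Intego; the sample PDF and HTML are constructed inline, and the parser is a deliberately simple heuristic for plain (unencrypted, non-object-stream) PDFs.

```python
import re

# Constructed sample: a tiny PDF skeleton that embeds a Type1C (CFF) font
# through a /FontDescriptor -> /FontFile3 reference. Not a real font, not an
# exploit; it only reproduces the object structure a scanner would look for.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Foo /FontDescriptor 2 0 R >> endobj
2 0 obj << /Type /FontDescriptor /FontName /Foo /FontFile3 3 0 R >> endobj
3 0 obj << /Subtype /Type1C /Length 4 >>
stream
abcd
endstream
endobj
"""

# Constructed sample: the auto-display pattern, a PDF loaded in an IFRAME.
SAMPLE_HTML = b'<html><body><iframe src="embedded.pdf" width=1 height=1></iframe></body></html>'

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
FONTFILE3_RE = re.compile(rb"/FontFile3\s+(\d+)\s+(\d+)\s+R")
TYPE1C_RE = re.compile(rb"/Subtype\s*/Type1C\b")
IFRAME_RE = re.compile(rb"<iframe[^>]*\bsrc\s*=\s*['\"]?([^'\" >]+)", re.I)


def find_embedded_type1c_fonts(pdf_bytes):
    """Return the object numbers of streams referenced by /FontFile3 whose
    /Subtype is /Type1C. Many legitimate PDFs embed Type1C fonts, so a hit is
    a triage signal for closer inspection, not a verdict."""
    objects = {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf_bytes)}
    hits = set()
    for body in objects.values():
        for ref in FONTFILE3_RE.finditer(body):
            target = int(ref.group(1))
            if TYPE1C_RE.search(objects.get(target, b"")):
                hits.add(target)
    return sorted(hits)


def find_iframed_pdfs(html_bytes):
    """Return IFRAME src values that point at a .pdf, i.e. documents Safari
    would render without any click from the user."""
    return [m.group(1).decode() for m in IFRAME_RE.finditer(html_bytes)
            if m.group(1).lower().endswith(b".pdf")]


if __name__ == "__main__":
    print("Type1C font streams:", find_embedded_type1c_fonts(SAMPLE_PDF))
    print("IFRAME-loaded PDFs:", find_iframed_pdfs(SAMPLE_HTML))
```

Pairing both signals (a hidden IFRAME that loads a PDF, and that PDF carrying an embedded Type1C font) narrows the review queue far more than either check alone.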
This web-based jailbreak puts iPhone, iPod touch and now iPad users at greater risk, Intego claims, as previously users needed to download a specific jailbreak application to achieve the same results. "The person who discovered this vulnerability should have kept it quiet and contacted Apple, rather than make it public enough that now others can exploit it," insists Intego.
A second flaw has also been noted. According to Threatpost, Kaspersky Lab's Security News Service, a problem in the Apple iOS kernel gives an attacker higher privileges once his code is on a targeted device, enabling him to break out of the iOS sandbox. The combination of the two gives an attacker the ability to run remote code on the device and evade the security protections on the iPhone, iPad or iPod touch, Threatpost warns.
An advisory from VUPEN Security, a French research organisation, adds: "These flaws are currently being exploited by jailbreakme to remotely jailbreak Apple devices. The website redirects the browser to the appropriate PDF exploit file depending on the device model and version and then executes a first stage payload. Once done, a second stage payload is executed to gain root privileges on the device by exploiting the kernel vulnerability."
Apple declined to say when the update would be available.