updated 7/15/2011 8:48:12 PM ET 2011-07-16T00:48:12

Apple has released iOS 4.3.4, which fixes the security vulnerability exploited last week by the popular unlocking service Jailbreakme.

All iPad, iPhone and iPod Touch users who don't plan to "jailbreak" their devices should update as soon as possible, since the hole could hand over full control of your device to any skilled intruder. (Verizon iPhone users will update to iOS 4.2.9. )

Comex, the pseudonymous developer of Jailbreakme, used a known but underpublicized weakness in the way the Safari browser in iOS handles PDFs to "root" iOS 4.3.3, thereby opening a back door that lets users install applications not authorized by Apple.

(Security experts strongly advise against jailbreaking iOS devices. One of the operating system's strengths is that Apple checks all software before making it available in the iTunes App Store.)

Other iOS jailbreaking methods take time and skill, but Comex's service is simple and painless — just navigate to and it's done. (To reverse a jailbreak, restore the device from iTunes.)

Upgrading to iOS 4.3.4 will prevent Jailbreakme from working (and probably remove any unauthorized apps), but it will also let you open PDFs without fear.

Ironically, Comex himself beat Apple to the punch by 10 days, releasing his own patch for the same vulnerability he exploited, along with the exploit itself. For those 10 days, jailbroken iOS devices with his patch installed were among the safest in the world.


© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments