Apple Promises Software Update To Fix iOS PDF Vulnerability

Following the release of @comex’s latest jailbreak tool yesterday, JailbreakMe 3.0, many wondered how long it would take for Apple to take action and patch the security hole that allows special PDF documents opened through Mobile Safari to give admin privileges to code hidden inside them. The method, discovered and developed by comex, enables JailbreakMe to install Cydia on devices running iOS 4.3 and above with a simple click, making it the easiest jailbreak ever developed for a variety of devices including the iPad 2. The exploit works on various versions of iOS after 4.3, but the iPad 2 is only being targeted on iOS 4.3.3. As a preliminary version of the exploit leaked online before the official jailbreak was released, comex had already warned users that Apple would soon issue a software update to patch the vulnerability.

The Associated Press reports [via The Next Web] that Apple Inc. spokeswoman Bethan Lloyd has confirmed the company is aware of the issue and is developing a fix that will be available via Software Update. A group of German researchers took a look at comex’s exploit yesterday and warned Apple that any maliciously crafted PDF could take advantage of the Safari hole to install code on a device without a user’s consent.

Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is “aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.”

She declined to specify when the update would be available.

In the past, Apple closed another PDF vulnerability that allowed the installation of Cydia through JailbreakMe 2.0 in roughly a week. While Cydia developers are relying on an exploit that could also be used by malware creators, they’re also taking the necessary steps to prevent the vulnerability from working again after the jailbreak is done and Cydia is installed. In fact, they have released a “PDF Patcher” tool that, once installed from Cydia, will make the exploit used to jailbreak a device unusable. Apple will soon issue a software update to officially close the hole, but it’s very likely that several users who don’t want to lose their jailbreaks, yet want to stay secure, will install the unofficial patcher from Cydia.
