14 DAY TRIAL // The German IT Agency has issued a security note about the PDF vulnerability used by hackers to jailbreak Apple’s iOS-powered devices, warning users to stay away from the JailbreakMe hack. A security firm weighing in on the matter goes as far as to suggest iPhone users are now in need of an antivirus.
The vulnerability, discovered by jailbreak artist Comex, is related to the way iOS handles fonts embedded in PDF files.
When taking advantage of the vuln, a hacker can gain root access to the system, whether for nefarious purposes, or not.
The German IT Agency described the flaw as a "critical weakness" that could be used by criminals to execute code on devices.
If the user clicks on a rigged PDF file, "[it] is sufficient to infect the mobile device with malware without the user's knowledge" the bureau said.
"The weak points allow possible attackers to gain administrator rights and get access to the entire system," the Agency added.
According to the security bulletin, "Possible scenarios for attacks by cyber criminals include the extraction of confidential information (passwords, online banking data, calendars, emails, SMS or contacts), accessing the device's cameras, the user's GPS data as well as listening in on phone conversations.”
The Guardian also has a quote from Mikko Hypponen of the security company F-Secure, who said that "If things turn bad and we see an iPhone outbreak via the new PDF vulnerability, there's not much you can do.”
Hypponen specified that “There are no antiviruses available on the iPhone.”
Yet, for those who jailbreak, there is a PDF Patcher available through Cydia (the App Store alternative for jailbreakers) which, once installed, closes this hole.
The German agency added that while no attacks have been reported so far (taking advantage of this particular flaw), “it must be expected that attackers will soon exploit the weak points."