Apple issues fixes for 'drive-by' attacks

  • Stanny2k
    Member
    • Jul 2009
    • 56

    #1

    Apple issues fixes for 'drive-by' attacks


    Apple has fixed a security hole used to get around restrictions on what applications can run on iPhones, iPads, and the iPod Touch.
    The popular JailbreakMe application used the vulnerability to unlock these devices and run non-approved apps.
    The bug stemmed from the way Apple's mobile Safari browser handled PDF document files.
    But security experts warned that it also left users vulnerable to potential attack via booby-trapped websites.
    The risk to owners was theoretical as no criminals were thought to have exploited it.
    However, it was widely used to run applications, utilities and other add-ons that were not approved by Apple.
    The company keeps tight control on the apps available via its store and many people turn to alternatives, such as Cydia, for unofficial apps.
    'Foolish move'
    The loophole was first used for the widely-known JailbreakMe program that let owners visit a specially crafted webpage to trigger the unlocking process.
    This latest patch will prevent JailbreakMe from working, but will also close a potential vulnerability that, if exploited, could have given an attacker access to the device.
    The updates will be offered to owners when they connect their gadget to a computer.
    The company, and security firms, recommended that owners immediately download and apply the update.
    However, the update is not mandatory and many people may avoid downloading and installing it to ensure they can continue to run unofficial applications and programs.
    "It remains to be seen, of course, how many iPhone and iPad users decide to install this security patch," said Sophos senior security analyst Graham Cluley on his blog.
    "Some may be delighting in their newly-jailbroken gadget."
    Mr Cluley said leaving the vulnerability unpatched would be a "foolish move".
    "It would be relatively trivial for a malicious hacker to exploit it, and cause a problem on your shiny Apple gear," he warned.
    In its advisory about the update, Apple said it applies to second generation and later iPods and iPhone Touches. A security package that fixes the bug on first generation gadgets is being developed by a programmer called Jay Freeman.
  • janobi
    V.I.P. Member
    • Mar 2008
    • 1624

    #2
    99% of people who JB'd using this method quickly closed the exploit with software, so this does nothing for those who have JB'd the phone. It is simply an update for those who have not JB'd the phone.


    • Stanny2k
      Member
      • Jul 2009
      • 56

      #3
      Originally posted by janobi
      99% of people who JB'd using this method quickly closed the exploit with software, so this does nothing for those who have JB'd the phone. It is simply an update for those who have not JB'd the phone.
      I've just purchased a 3GS, I'm waiting for it to be delivered... I'm guessing this means I'm screwed if I wanna JB mine?


      • janobi
        V.I.P. Member
        • Mar 2008
        • 1624

        #4
        Originally posted by Stanny2k
        I've just purchased a 3GS, I'm waiting for it to be delivered... I'm guessing this means I'm screwed if I wanna JB mine?
        Depends what fw it comes with.


        • pex
          Junior Member
          • Jun 2009
          • 24

          #5
          The good news is he had OS 4.0, so he manually upgraded to 4.0.1 and Voila
