Yesterday's release of a web-based jailbreak for the iPhone, iPad and iPod touch highlighted just how wide open to hackers the iOS platform is.
Gizmodo lays it out:
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions... anything can be done.
Literally anything. The JailbreakMe 2.0 jailbreak highlights just how powerful these kinds of vulnerabilities are. If a PDF can jailbreak your device, it can do pretty much anything it wants.
And the iOS platform is a really juicy target for hackers. There are some 100 million iOS devices out there, none of which have any security software installed. Hackers must be licking their lips in anticipation.
Gizmodo does offer a potential workaround for owners of jailbroken devices, but everyone else is on their own.