Apple claims that a fix for the iPhone’s PDF security hole is already in the works and will be released to users soon. As we reported earlier, this security hole allows one website access to your iPhone in order to jailbreak it, with your explicit permission. But when the iPhone’s Safari web browser downloads a PDF file, any site can use this same hole to run code that gains OS-level access and can do some very dangerous things. The only user input needed is clicking a link.
“We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.” (Apple)
Apple is not saying when the fix will be released.
As we reported, part of the hole comes with code that can be run after downloading PDF files. Now a security expert tells CNet that there is a second hole which allows software to break out of the “sandbox” that is supposed to keep software running on an iPhone from affecting the phone’s OS and other apps. This flaw means that the sandbox doesn’t work. In fact the German government has released an official warning to its citizens about the flaw.
Apple’s statement doesn’t say whether their fix is for both holes or just one or the other.