Apple plugs Jailbreakme security hole

 

Gallery

By Stewart Mitchell

Posted on 12 Aug 2010 at 12:05

Apple has released an update to its iPhone OS that rectifies flaws that could have allowed hackers to take control of the device.

The update - iOS 4.0.2 - can be downloaded via iTunes and applies to second generation and later iPhones and iPod Touches.

According to Apple, the update closes two security flaws, one in which viewing a PDF document with maliciously crafted embedded fonts allowed arbitrary code execution, and another where malicious code could gain system privileges.

Not everyone with an iPhone will welcome the update, however, as it closes the door on the recently-released Jailbreakme application, which enables users to install non-approved software on their handsets.

The update isn't mandatory and users wanting to use Jailbreakme may simply avoid the update, but security experts say anyone rejecting the download would be leaving themselves open to attack.

“This does mean that users who have jailbroken their devices and prefer to keep it that way will have to face the increased likelihood of malicious attacks through this vulnerability,” said security company F-Secure on its blog.

“We recommend that all iOS users, including those who have jailbroken their devices, install the latest update now.”