F-Secure has posted a Q+A about the recent jailbreakme.com website and the PDF/kernel vulnerability it exploits in iOS. It’s worth a read and can be found here: http://www.f-secure.com/weblog/archives/00002004.html
- Effects iOS, NOT just the iPhone (this means ipod, touch, and ipads are susceptible)
- Combination of two vulnerabilities: one in PDF software and a kernel privilege escalation bug
- This has nothing to do with Adobe. PDF support in iOS is built by Apple. Apple’s PDF implementation is bugged. Foxit PDF reader has the same vulnerability.
- This risk exists not only via web but also e-mail, sms, and mms.
- Mitigation steps until Apple releases a patch? You can try the third party PDF Warning Loader here: http://chronic-dev.org/blog/2010/08/pdf-loading-warner/