JailbreakMe 3.0 has garnered some serious attention over the last 48 hours. The last report we heard was that the site had been visited over a million times, and the PDF exploit had been downloaded over 500,000 times.
The exploit must have also grabbed the attention of Germany’s Information Security team, because the group just issued a country-wide warning for all iOS products. The Mobile Safari vulnerability exposed by Comex in his new jailbreak tool has really made some folks nervous…
The Huffington Post reported yesterday that Germany’s Federal Office for Information Security has issued a warning on iPhones, iPads and the iPod touch, stating that they have a “critical weakness.”
The group claims that the device is susceptible to malware via an infected PDF file, which can infect a user’s device without them knowing:
“Clicking on an infected PDF file is sufficient to infect the mobile device with malware without the user’s knowledge” on several versions of Apple’s iOS operating system. After opening a website that carries an infected PDF file, a user’s device would be open to criminals spying on passwords, planners, photos, text messages, emails and even listen in on phone conversations.”
The agency points out that Apple has yet to offer a patch to fix the problem, but an Apple Germany spokesman told The Associated Press yesterday that they were aware of the warning. The spokesman declined any other comments.
The irony here, is that — with no word from Apple yet — the best way for folks to protect themselves from this vulnerability is to jailbreak their iDevice. Only when an iDevice is hacked, can users install Comex’s PDF Patcher 2, which fixes the security issue.
I’m not really sure if this is worth a national warning. There hasn’t been any mass-distributed malware that utilizes the PDF problem discovered in the wild, yet. However, the problem does seem to be receiving a fair amount of media attention, so how long can Apple keep their silence?
What do you think?