Many were rejoicing this morning as a web-based method to jailbreak your Apple iPhone 4 hit the scenes, but now we’re hearing word that this jailbreaking could open up a nasty security hole in your iOS device.
How bad? Well, the Boy Genius says this security hole could enable malicious programmers to get a hold of your phone’s contact and other information. So, yeah, it’s pretty bad.
This is done through the jailbreakme PDF exploit. Under this method, it would be possible to possible to steal your address book, text message database, or much worse. There is going to be a security solution soon though, as BGR has been informed that a plugin named PDF Loading Warner” has been created to combat this potential security risk. It works by hooking into the device system and will display a warning before a PDF can be displayed. If you install this plugin and navigate to a website that should not be showing a PDF and get this warning, you are able to click “Cancel”, blocking the PDF from loading and subsequently stealing your data.
Cydia should supposedly have a fix for this in a day or two but experienced users should hop to the via link to find a patch which will give you a little more control over this exploit. It doesn’t close the security hole, but it gives you an out.
Now that jailbreaking and rooting is legal, it’s important to point out that doing this generally voids your warranty and does leave you susceptible to a security hole that non-jailbroken devices are relatively immune to. There’s always going to be a cost associated with jailbreaking or rooting.
Of course, there are plenty of benefits as well. You’ll be able to use a tethering app with a jailbroken iPhone without having to pay AT&T a monthly fee, if you so choose. Additionally, before iOS 4, jailbreaking was the only way to show the Apple iPhone could adequately handle third-party app multitasking. Jailbreaker beware, I suppose.
[Via BGR]