Earlier this week, Apple released iOS 4.0.2 which fixed a security vulnerability that enabled the famed JailbreakMe.com website to work its magic on your iPhone or iPad. While fixing a major security hole is normally considered a good thing, Apple dropped the ball by not including the original iPhone or the first generation iPod Touch in this update.
This is not a trivial omission as the iOS 4 flaw allows for arbitrary code execution when an unsuspecting user opens a PDF file or visits a malicious website. Unfortunately, now that the security flaw has been exposed, it will eventually spread beyond the benign JailbreakMe.com website. These adopters of Apple’s early mobile technology, presumably still in use in fairly large numbers, remain potentially vulnerable to this growing attack.
Good thing the iPhone community has the dev team as they have pushed out their own security tool to patch this hole. Now available in Cydia, the PDF Patch tool will fix this security flaw in all iPhone and iPod Touch models and all known firmware versions from 2.x forward. The patch will also work with any current iPhone and iPod Touch versions capable of running iOS 4.0.1. If you are a current gen owner and have not applied the 4.0.2 update, ignore it and apply the patch from Cydia instead. This Cydia-based patch will allow all current gen iOS 4 devices to remain jailbroken and safe from the potential malicious actions permitted by this security hole. Jailbroken and safe: that is the best of both worlds, don’t you think?
[Via the iPhone dev team]