A “critical weakness” which could affect iPhones, iPads and iPod touches has been discovered by German security experts, which could see malicious downloaded software allow access to owners’ personal details.
The wonderfully titled Bundesamt für Sicherheit in der Informationstechnik (more boringly known as the federal office for information security) in Germany has discovered that clicking on an infected PDF file "is sufficient to infect the mobile device with malware without the user's knowledge." This flaw has been found on several versions of Apple’s iOS software including 4.3.3 and possibly the upcoming iOS 5 update. Affected devices include the iPhone 3GS, iPhone 4, iPad, iPad 2 and iPod touch.
The problem could occur when users open a web page containing an infected PDF file which could be downloaded without the users' knowledge. This could give criminals access to your account information, passwords, emails, photos, or even let them listen in to phone conversations – a revelation which couldn’t come at a worse time with the current phone hacking scandal in the UK at the moment. Apple in Germany has told the Associated Press that it is aware of the warning but would not comment on it. The discovery was made by a group of hackers working on a jailbreak for the iPhone and this group has kindly put a fix for the vulnerability on its jailbreakme.com website.
While no attacks taking advantage of it have been reported so far, "it must be expected that attackers will soon exploit the weak points", the German agency said.
In related news the iPad 2 can now be jailbroken thanks to the aforementioned group, with JailbreakMe 3.0 which utilizes the PDF vulnerability - which you can then patch with PDF Patcher 2 once you jailbreak your iPad 2. JailbreakMe 3.0 works for iPhones and iPod touches too using virtually any version of the iOS software.