Jailbroken phones are more prone to security threats, researchers say.
The emergence of an exploit used by a website for iPhone “jailbreaking” prompted security researchers to issue warnings about smartphone security.
The website, Jailbreakme.com, allows iPhone and iPad users who visit the site in Safari to jailbreak their devices — obtain applications not authorized by Apple — with a simple slide button, said Graham Cluley, senior technology consultant at Sophos. The website exploits a vulnerability in the way the mobile edition of Safari handles PDF files, he said.
“What concerns me, and others in the security community, however, is that if simply visiting a website with your iPhone can cause it to be jailbroken, just imagine what else could hackers do by exploiting this vulnerability? Cybercriminals would be able to create booby-trapped webpages that could — if visited by an unsuspecting iPhone, iPod Touch or iPad owner — run code on visiting devices without the user’s permission,” Cluley wrote in a blog post.
VUPEN, an IT security research firm, on Tuesday, issued an advisory about two vulnerabilities in Apple iOS for iPhone and iPad that attackers could exploit “to take complete control of a vulnerable device.”
Dave Marcus, security research and communications manager at McAfee, said the vulnerabilities pose the threat of being used for other attacks.
“This should serve as a wake-up call for anyone with a mobile device: Remote exploitation is real and here to stay,” he wrote in a blog post. “For now, these vulnerabilities are being used (as far as we know) to jailbreak iPhones, but they could be used to do many other things to iPhones and their owners around the world.”