PDF Flaw Puts iOS Devices at Risk

One of the persistent claims–in fact, a claim that I myself frequently make–is that iOS is a more secure mobile platform than the rival Android OS by virtue of Apple’s closed environment. The walled garden and the app approval process offer some level of protection for iOS users, right?

Well, that is true to an extent, and I still maintain that iOS is more secure than Android overall, but you can’t ignore the fact that hackers manage to jailbreak iOS–often within a day or two of a new version being released. Jailbreaking, in and of itself, is not malicious. It is designed to break down the Apple walls and give users more open access to work with their iOS devices as they choose without needing permission from Apple. The reality, though, is that if benign hackers can jailbreak iOS and gain full control over the mobile OS, then so can malicious attackers–leaving iPhones and iPads exposed to significant security risk.

The recent JailbreakMe 3.0 tool can wirelessly jailbreak iOS devices–including the iPad 2, using a flaw in the way iOS manages PDF files. Apple is working on a fix, but in the meantime I recommend being very careful about opening PDF files on an iOS device–unless you are intentionally trying to jailbreak the device.