Experts warned that an inherent security flaw in Apple's iOS could leave iPhone, iPad and iPod users vulnerable to hackers.
The security flaw, a zero-day bug in iOS, has been exploited by the JailBreakMe.com website on Wednesday to allow users to upload software not approved by Apple onto their devices.
The jailbreak hacker community has reportedly already developed an unofficial fix for the security-hole. Unfortunately the fix requires the device's owner to jailbreak the device first before it works -- an act that will void the device's warranty.
“The company was aware of the problem. We are developing a fix that will be available to customers in an upcoming software update,” said Apple spokeswoman Trudy Muller, Reuters reported.
The hack takes advantage of a security hole in mobile Safari surrounding the display of PDF files. Unlike most jailbreaking tools, jailbreakme.com makes it possible to jailbreak iOS devices without connecting to a computer first. It is as simple as visiting a Web site that means you just have to grab your iOS device, visit the site from your mobile browser and follow a few simple instructions.
The latest JailbreakMe 3.0 works with iOS 4.3-4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, third- and fourth-generation iPod touches, and iOS 4.2.6-4.2.8 for the CDMA iPhone 4.
Hacker comex with the help of Grant Paul (chpwn), Jay Freeman (saurik), and MuscleNerd is being credited with the work behind the jailbreak. This marks the third revival for jailbreakme.com. While the site first surfaced in 2007, after the release of the 1.1.1 software update, it relied on a different security flaw in mobile Safari to make it work, which it then would fix following the jailbreak.
The official site tells visitors they can jailbreak their iOS device to experience the software fully customizable, themeable, and with every tweak you could possibly imagine.
Jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system. It allows iOS users’ devices on carriers other than AT&T or Verizon. The users are able to download additional applications, extensions and themes that are unavailable through the official Apple App Store, via installers such as Cydia.
Cydia is installed on the device, which acts as a repository for these unapproved apps that don't make it onto the App Store. The jailbreak does not affect approved apps: the user can install both on the same device with few -- if any -- problems.
Apple has the App Store, jailbreakers have Cydia, they say. Owned and managed by jailbreak cult figure Jay Freeman, Cydia reportedly attracts about 1.5 million visitors to its store every day. Considering the popularity of umpteen jailbroken apps, one can imagine the business it generates.
Launched in 2008, Cydia now earns about $10 million in annual revenue and counts about 4.5 million active weekly users hunting for apps.
Critics state that there are no obvious problems with jailbreaking your iPhone, while Apple claims that doing so will leave the iPhone seriously unstable and vulnerable to outside attack.
In a landmark ruling in July last year, the U.S. Library of congress declared that jailbreaking does not violate copyright protections. The Electronic Frontier Foundation, a San Francisco-based privacy-rights group, had petitioned the library, arguing that the jailbreak of Apple devices doesn’t infringe on copyright.