Apple getting ready to fix browser security hole

Το τελευταίο jailbreak, αυτό που έφτιαξε ο comex (που είναι πια στην θέση του geohot) το jailbreakme.com βασίζεται πάνω σε μια “τρύπα” ασφαλείας που έχει το Safari στο iOS όταν φορτώνετε κάποιο pdf. Η Apple μετά την εμφάνιση του jailbreakme.com άρχισε διαδικασίες για να διορθώσει αυτό το πρόβλημα – την τρύπα ασφαλείας που έχει δημιουργηθεί.

Οπότε λογικό είναι να περιμένουμε για κανούρια αναβάθμιση σύντομα στο iOS που θα διορθώνει αυτή την “τρύπα” ασφαλείας στο Safari!

Apple says that it has a fix for the browser security flaw discovered earlier this week on its iOS-powered devices.

After the iPhone Dev Team released the latest jailbreak software hack for the iPhone over the weekend, it became apparent that the way the jailbreak worked–via an iPhone’s mobile Safari browser–that the phone has a security vulnerability when it comes to the way it loads PDF files from the Web.

On Wednesday an Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”

Apple declined to say when the update would be pushed out.

There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software’s release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

The security flaw is so serious that the German government issued an official warning to citizens about it on Wednesday and said it was investigating.

Apple declined to comment on Germany’s Federal Office for Information Security’s statement.