Apple is already working on a fix for a security flaw reported Wednesday by the German Federal Office for Information Security. The Mac maker said in a statement that it “takes security very seriously,” and is “aware of this issue and developing a fix that will be available to customers in an upcoming software update.”
There isn’t a specific timeline for when the update will be released, but when it does arrive, it’ll also shut down the ability to jailbreak iOS devices using the most recent JailbreakMe browser-based method. The jailbreak takes advantage of the same flaw that poses the potential security threat, which involves the way Safari and Mail manage PDF file downloads.
Apple will likely be quick with an update, considering the nature of the German IT agency’s warning. The organization called the flaw a “critical weakness,” and one which is “sufficient to infect the mobile device with malware without the user’s knowledge.” It affects users running iOS 4.3.3, and possibly older versions as well, according to the German agency.
While users await a software update to patch the hole, the best way to guard against potential security threats is to avoid downloading PDF files from untrusted sources, either via email or mobile Safari. As mobile web access becomes more popular, it’s generally a good idea for users to practice the same kind of safe browsing that helps avoid malicious attacks on desktop computers, part of which means not downloading content when its origin is at all suspect or hazy.
A similar flaw discovered in August 2010 also allowed for a web-based jailbreak, and also caught the attention of the German government. Apple took about a week to issue an iOS update to patch the problem at that time, so it’s reasonable to expect a similar timeline for release with a 4.3.4 update.