Apple on Thursday said it is working to fix a security flaw in its iOS mobile platform that is being used to jailbreak iPad, iPhone and iPod Touch devices and may soon be leveraged by more nefarious individuals.
The flaw, which involves the way iOS handles fonts embedded in PDF files, was revealed on Wednesday with the release of JailbreakMe 3, a web-based tool that allows users to easily jailbreak their devices, including the iPad 2.
Jailbreaking allows users to gain full or “root” access to their device and thereby install applications that are not available through Apple’s official App Store.
Apple said it expects to fix the vulnerability in a forthcoming security update, but did not specify a time frame.
Germany’s Federal Office for Information Security on Wednesday issued a warning that the flaw could be used by criminals to install malware on users’ devices and steal confidential information. Attackers could also exploit the weakness to access built-in cameras, or intercept phone conversations and GPS locations.
Attackers will likely begin exploiting the flaw soon, since public exploit code is already available, German officials said. No attacks have been identified yet, however.
The flaw affects iPad, iPhone and iPod Touch devices running iOS versions 4.3 through 4.3.3. Users of these devices should be cautious before opening PDF documents from unknown sources, German officials warned.
The hacker behind JailbreakMe 3, who uses the alias Comex, has released an unofficial patch for the flaw and made it available on the third-party app store Cydia. The fix, known as PDF Patch 2, can only be installed on a jailbroken device, however.
Researchers at Mac security firm Intego have warned users against jailbreaking their iOS devices, as doing so opens them up to increased security risks.