Earlier this week, CNET reported that Apple had become aware of a iOS vulnerability that allowed jailbreaking via a web-based exploit. What this means is users wishing to jailbreak their devices no longer need to work synced to a computer. Intego reported heavily on this issue in its Mac Security Blog and it was picked up by Macworld UK. An extract from the coverage follows:

“While jailbreaking allows a level of customisability and the potential to run third party apps not endorsed by Apple, Mac security specialists Intego and others have claimed the flaw leaves Apple device owners particularly open to attack.

“Visiting a web site set up to perform this jailbreak operation will lead to the download of a PDF file, which contains code that exploits this vulnerability,” Intego noted on a blog post this week. “While this can be used to jailbreak a phone, it could also be used to compromise iOS devices. With a slight modification, this process could occur without any user notification or intervention.” The browser based jailbreak applies to any Apple device running iOS versions 3.1.2 to 4.0.1.

Intego continues: “The corrupted PDF file (there is one file per iOS version and hardware model; there are a total of 19 different files) is embedded into a web page in an IFRAME so Safari will display it automatically without any user interaction. The PDF file contains an embedded Type1c font that is corrupted and that contains exploit code necessary to download the jailbreak code. (This can also contain other malicious code.) This code is then executed in the kernel space through an IOSurface (IOKit) memory allocation bug, obtaining root privileges and bypassing code signing protection and sandboxing.”