Following Apple’s release of the iOS 4.0.2 and 3.2.2 security updates Wednesday afternoon, the code for the exploit they protect against went public. Comex, the hacker that used the exploit to build a jailbreak for iOS 4, alerted the public to the code through Twitter.
A flaw in the way Apple’s iOS handled PDF documents could allow an attacker to gain control over an iPhone, iPod touch or iPad and run other code. That’s what Comex did to jailbreak devices so users could install third-party apps that aren’t available through Apple’s iTunes-based App Store.
That same security flaw could, however, be used for more malicious purposes such as stealing or deleting user’s data.
The patch Apple released Wednesday afternoon should protect users from the exploit, although it also means people that have already jailbroken their device will lose access to the unapproved apps on their device. Users hoping to jailbreak their iPhone, iPod touch or iPad after installing the security update will be out of luck, too.
Even though the patch kills jailbreak support, it’s still a good idea to install it because of the serious nature of the exploit.
To update to iOS 4.0.2 on the iPhone 3GS, iPhone 4 and second or third generation iPod touch, or iOS 3.2.2 for the iPad, connect your device to your computer and launch iTunes. You should see a prompt asking you if you want to download and install the update.
[Thanks to Computerworld for the heads up.]