The code used in the ultrasn0w jailbreak released Tuesday for iPhone 4 could also be used to take over your iPhone, according to a warning issued by Symantec. That was followed by a warning from the German government advising iPhone and iPad owners, especially leaders in government and business, not to open certain files. Apple announced that a fix has been developed and is on the way.
While ultrasn0w was developed for iPhone 4, the exploit itself affects iPhones running iOS versions 3.1.2 to 4.0.1, iPads running iOS 3.2 and 3.2.1, and iPod touches running iOS 3.1.2 to 4.0. Without offering any specific information, the German government said it could affect older versions of iOS as well.
According to Symantec, the exploit involves two phases: “The first issue is reportedly a PDF font parsing vulnerability affecting Mobile Safari. Upon successful exploitation, a second-stage local exploit is used to elevate to root privileges on the device. There has been no public confirmation as to whether or not these vulnerabilities affect desktop installations of Safari or OS X.”
Germany has taken the possibility of the exploit being used in the wild quite seriously, with the country’s Federal Office for Information Security (known in Germany as BSI) issuing a statement warning iPhone users to avoid opening PDF files on an iOS device.
“Due to the popularity of the iOS devices,” the BSI said, “[it is] assumed that they are also increasingly used in the workplace. To the knowledge of the BSI, the iPhone (is also) used in senior management. It is therefore conceivable that the outlined weaknesses could be used in targeted attacks on leaders.”
An Apple spokesperson in Germany told the Associated Press, “We know these reports and are investigating them.”
Later in the day, a U.S. spokesperson for Apple told CNet: “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”