Mark Dalby

Apple on Thursday said it is working to fix a security flaw in its iOS mobile platform that is being used to jailbreak iPad, iPhone and iPod Touch devices and may soon be leveraged by more nefarious individuals.

The flaw, which involves the way iOS handles fonts embedded in PDF files, was revealed on Wednesday with the release of JailbreakMe 3, a web-based tool that allows users to easily jailbreak their devices, including the iPad 2.

Jailbreaking allows users to gain full or “root” access to their device and thereby install applications that are not available through Apple’s official App Store. Apple said it expects to fix the vulnerability in a forthcoming security update, but did not specify a time frame.

The software running Apple’s iPhones, iPads and the iPod Touch has “critical weaknesses” that could be used by criminals to gain access to confidential data on the devices, Germany’s IT security agency warned Wednesday.

Clicking on an infected PDF file “is sufficient to infect the mobile device with malware without the user’s knowledge” on several versions of Apple’s iOS operating system, the Federal Office for Information Security said.

The same could occur when opening a website that carries an infected PDF file, possibly opening the device to criminals spying on passwords, planners, photos, text messages, emails and even listen in on phone conversations. “The weak points allow possible attackers to gain administrator rights and get access to the entire system,” it said.

After weeks of anticipation, we knew that the release of JailbreakMe was imminent. The clues and hints that Comex had left behind were just too obvious. What we didn’t expect, though, was that one of the beta testers for JailbreakMe would leak it out to the world.

Links starting popping up on several websites this morning, and by simply opening a PDF document from your device (yes, including the iPad 2), you were able to install Cydia, much like you install an app from the App Store.

It seems the individual(s) responsible for the leak claim they did so to encourage Comex to hurry up and release a final version. But it looks like all the leak did was create more work for the jailbreak community. “Save your iOS 4.3.3 blobs” is probably nearing trending status as iDevice hackers and developers tweet and retweet the warning to followers. Apparently the PDF exploit Comex found can be patched rather quickly, so we are told we can expect iOS 4.3.4 fairly soon.

L33tdawg: It looks like an official release from comex is also available via http://www.jailbreakme.com which has since been updated from the image above to a message that now reads “it’s been too long”

The software hole involved in a popular method for jailbreaking Apple’s iOS devices has reportedly been patched by the company as part of iOS 5, the free system software update that’s due out later this year.

Digging through the beta version of iOS 5, which Apple made available to developers earlier this month, the iPhone Dev-Team–a group of hackers that targets Apple devices and is not to be confused with Apple’s group that designs the iOS software–has discovered a change that threatens to close a loophole the group has long exploited.

“Those of you who have been jailbreaking for a while have probably heard us periodically warn you to ‘save your blobs’ for each firmware…. Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it,” the group wrote on its blog yesterday. “That’s all about to change.”

A software programmer who wrote a jailbreak application that would replace and improve upon Apple’s own iPhone notification system has been hired by Apple, AppleInsider can confirm.

Last week, word went out that Peter Hajas had stopped work on his “MobileNotifier” application for jailbroken iPhones. That, along with Twitter posts saying he had gone to work for a “fruit” company in California, led to speculation, from sites like iPhoneinCanada.ca and RedmondPie that Hajas was hired by Apple. AppleInsider was able to independently confirm on Friday that Hajas has indeed landed a job with the iPhone maker. He is said to be working in Apple’s iOS Applications & Frameworks division, at the company’s corporate headquarters in Cupertino, Calif.

MobileNotifier is an application that was described in the jailbreak-only Cydia application store as “iOS notifications. Done Right.” The application had nearly a quarter-million downloads from jailbreak users, and had been upgraded numerous times to reach beta 4. On his own blog, Hajas said he would be taking a break from the software, but added that his departure was “definitely not goodbye.” “I can’t say why, but it’s worth it. Trust me,” he wrote. “If you look around hard enough, you’ll probably figure it out.”