Apple Patches Critical iOS Security Hole

Apple today released security updates for iOS devices as per their promise about a week ago, in the forms of iOS 4.0.2 for iPhone and iPod touch and iOS 3.2.2 for iPad. This is to address vulnerabilities in Safari which allow PDF files to execute commands and take control of any iOS device.

The breach was first brought to public by individuals behind the jailbreakme.com website, an effort to force iOS devices to run applications not available from Apple’s own App Store. The website, when loaded on an iOS device uses the security hole to download software packages and run commands to perform the jailbreak.

While there’s nothing malicious about the jailbreak itself, the same vulnerability can be used for much more sinister purposes such as making random phone calls or sending messages without your knowledge. Once these updates are installed, the jailbreak method described above will no longer work and your device will no longer be jailbroken. The website F-Secure provides a list of questions and answers regarding the vulnerabilities.

Although these security holes affect all iOS devices running any version of the iOS, Apple’s updates leave out first generation iPhones and iPod touches because they are not compatible with iOS 4. Apple could have implement an update for iOS 3 users but it seems they prefer to have iOS device owners to update to iOS 4 instead or in the case of first generation device owners, buy a newer device.

The updates are available from iTunes and can be downloaded once you plug in your device.