A website that has made it simple for iPhone and iPad users to jailbreak their devices may not just be a headache for Apple, but also a portent for future malicious attacks.
Owners of Apple gadgets who visit the JailbreakMe website in Safari have found that all they need to jailbreak their device is slide a button to give permission, opening up the possibility of installing apps that have not been approved by the official AppStore.
Previously, jailbreaking has required users to connect their device to a computer before they can start to tamper with the set-up of their iPhone or iPad and gain access to the Cydia underground app store.
The drive-by jailbreak is possible because the website exploits a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts.
As a number of Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.