A newly discovered vulnerability in the software that runs Apple iPad, iPhone and iPod touch could allow hackers to remotely enslave the popular mobile devices, according to the Vupen security firm (http://www.vupen.com)
“Two vulnerabilities have been identified in Apple iOS for iPhone, iPad and iPod, which could be exploited by remote attackers to take complete control of a vulnerable device,” says Vupen. “The first issue is caused by a memory corruption error when processing Compact Font Format (CFF) data within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page using Mobile Safari. The second vulnerability is caused by an error in the kernel, which could allow attackers to gain elevated privileges and bypass sandbox restrictions. Note: These flaws are currently being exploited by jailbreakme to remotely jailbreak Apple devices.”
Apple spokeswoman Natalie Harrison said the company was aware of the report and is investigating, says “Reuters” (http://www.reuters.com/article/idCNN0317624520100803?rpc=44).