There’s a PDF Security Hole in My Bucket, Dear Apple.

For the jailbreakers of Apple hardware a web browser-based software exploit is used to free certain devices.

While the URL itself is not intended for malicious purposes, the PDF exploit it uses could be utilized by hackers to more nefarious ends. Miller said that with this method, a hacker does not need physical access to an iPhone, iPod touch or iPad — they just simply need to have the user visit a vulnerable website.

Source: Browser-based iOS ‘jailbreak’ utilizes ‘scary’ PDF security hole

Insecurities in PDF software have been used in the past.  The dompdf library was exploited in a recent version of e-commerce software.  In this case, the insecure software allowed web pages to be changed secretively.

This recent PDF software flaw will surely add weight to Apple’s preference for licensed apps over web-browser applications:

Taken together, the three filings point not only to the browserless future that Apple is seeking for its iOS devices, but also — if granted by the much-maligned US Patent and Trademark Office — to an application ecosystem in which software patents are sweepingly broad and the protection of “prior art” is enfeebled.

Source: ‘Death to browsers!’ cries Apple mobile-app patent

The freedom to do what you want with your hardware is as important as being able to choose which software you can use (including web browsers).

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: