Hackers have once again found a weakness in the way Apple’s Mobile Safari browser loads PDF files, making it possible to jailbreak iOS devices without connecting to a computer first. Anyone interested in jailbreaking their device simply needs to point their Mobile Safari browser to jailbreakme.com and follow a simple set of instructions.
Jailbreakme is web-based, but does, however, recommend first connecting to iTunes to perform a backup. Other popular jailbreaking methods require users to download a program to their computers and then connect their device in order to carryout the exploit.
The hack was developed by “Comex,” Grant “Chpwn” Paul and Jay “Saurik” Freeman. The trio has dubbed their most recent exploit JailbreakMe 3. Last year, Comex released JailbreakMe 2, which made use of a similar vulnerability in the way iOS devices handle PDF files. Apple was quick to respond, releasing a patch within a matter of weeks to address the JailbreakMe 2 exploit.
This time, the hackers have beaten Apple to the punch. You see, Comex and his squad have already released a patch to protect iOS devices from the latest PDF exploit. But there’s a big catch; in order to download the patch, you’ll need access to the unofficial app repository Cydia, which– you guessed it — is only available for jailbroken devices.
In theory, JailbreakMe 3 exploit could be appropriated by other hackers with less noble intentions. The hackers say that, while that may be true, they aren’t particularly concerned. Comex points out that similar concerns were raised about JailbreakMe 2, but no reports surfaced of any hackers using the exploit malevolently.
“Until Apple releases an update,” Comex says in a FAQ, “jailbreaking will ironically be the best way to remain secure.” No word on when Apple will release its patch, but you can bet that they’re already at work on it.