Earlier this week a hacker group called Dev-Team launched a revamped website service that enables owners of the iPhone 4 and iPad 2 (amongst a myriad other iOS-powered devices) to jailbreak them in next to no time, for free, online. The JailBreakMe site exploits a vulnerability with the way that the Safari browser client handles PDF files to enable the jailbreaking to be performed in such a painless way.
However, as security researchers have been warning , the same vulnerability could be exploited by others for nefarious purposes rather than simply the ability to get apps which have not been approved by Apple onto their devices.
Graham Cluley, senior technology consultant at security vendor Sophos, worries that "cybercriminals would be able to create booby-trapped webpages that could run code on visiting devices without the user's permission" and predicted that Apple would be spitting feathers "that this vulnerability has been made public in this way" before it had a chance to get a patch out. Indeed, Cluley went on to wonder "how quickly they can issue a patch for iOS to close this vulnerability".
Well now we have the answer, sort of. Apple has confirmed it is working hard on a fix for the JailBreakMe vulnerability and although no release date has been announced, an Apple spokesperson says it will be "available to customers in an upcoming software update".
Given the coverage that the JailBreakMe site is getting online, I suspect that the update will be sooner, much sooner in fact, than later. So if you want to jailbreak your iPhone or iPad then you need to fire up the Safari browser client on the device and head over to the JailBreakMe site pretty damn quick...