A security bug across all iOS4 devices and the iPad can give hackers full access to your device by simply viewing a PDF, according to Gizmodo.
The hack is apparently easily exploitable — it’s what enabled the dead-simple iPhone 4 jailbreak to work right on the device.
“It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program,” writes Gizmodo’s Jesus Diaz. “When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.”
After the attack takes place, hackers gain the ability to do practically anything on your Apple device — including deleting files, and installing programs — without your knowledge. The bug is similar to one that affected TIFF image files early on in the iPhone’s life.
The easiest way to prevent being hacked with the exploit is to avoid opening any untrusted PDFs via Safari on your Apple device. Now that knowledge of the exploit is widespread, and given the extent of the breach, we can expect a swift response from Apple on the matter. Just be sure to jailbreak your phone before Apple releases a fix.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.