Apple readies fix for iPhone browser security hole

The company says the security hole discovered earlier this week will be plugged with a forthcoming iOS software update.

Apple says that it has a fix for the browser security flaw discovered earlier this week on its iOS-powered devices.

After the iPhone Dev Team released the latest jailbreak software hack for the iPhone over the weekend, it became apparent that the way the jailbreak worked--via an iPhone's mobile Safari browser--that the phone has a security vulnerability when it comes to the way it loads PDF files from the Web.

On Wednesday an Apple spokeswoman said in a statement, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

Apple declined to say when the update would be pushed out.

There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software's release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

The security flaw is so serious that the German government issued an official warning to citizens about it on Wednesday and said it was investigating.

Apple declined to comment on Germany's Federal Office for Information Security's statement.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The new Moto 360 looks more like a watch than a smartwatch

CNET's Dan Graziano gives you a first look at the brand new Moto 360.

by Dan Graziano