Apple readies fix for iPhone browser security hole

The company says the security hole discovered earlier this week will be plugged with a forthcoming iOS software update.

Apple says that it has a fix for the browser security flaw discovered earlier this week on its iOS-powered devices.

After the iPhone Dev Team released the latest jailbreak software hack for the iPhone over the weekend, it became apparent that the way the jailbreak worked--via an iPhone's mobile Safari browser--that the phone has a security vulnerability when it comes to the way it loads PDF files from the Web.

On Wednesday an Apple spokeswoman said in a statement, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

Apple declined to say when the update would be pushed out.

There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software's release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday . One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

The security flaw is so serious that the German government issued an official warning to citizens about it on Wednesday and said it was investigating.

Apple declined to comment on Germany's Federal Office for Information Security's statement.

Latest Galleries from CNET
15 crazy old phones from a Korean museum (pictures)
10 gloriously geeky highlights from 2014 (pictures)
2015.5 Volvo XC60: updated tech, understated design
Busted! CNET readers show us their broken devices (pictures)
Take a closer look at the BlackBerry Classic (pictures)