Regarding Jailbreak, exploits, and maliciousness


Last night during iPad live I ranted on about how a web-based Jailbreak, like the recent iPhone 4/iOS 4.x/iOS 3.2.x release showed a dangerous exploit that Apple needed to patch immediately before someone evil got a hold of it and began malicious attacks.

Is this different from any other Jailbreak? Yes and no. All Jailbreaks begin with an exploit -- a mistake in the software code -- that lets outside code get in and run on the device. But that code doesn't have to Jailbreak your iPhone, iPod touch, or iPad. It can do anything. It can paint your screen a lovely color, or it can steal or your personal information and beam it back to hacker HQ. Jailbreak good, virus or trojan bad, but the root of both is the same -- exploit that allows remote code execution. If a Jailbreak can get in, so to can presumably almost anything else.

Web-based exploits -- like one of the original iPhone 1.x Jailbreaks and now the recent iPhone 4, etc. Jailbreak -- are theoretically more dangerous because they're easier to trigger. You don't have to download and run a program or go through all the steps of putting your device in DFU mode. You just go to a website, maybe tap a few times, and boom, you're Jailbroken -- or boom, you're in a world of trouble.

Evildoers could conceivable make fake or compromised versions of *ra1n or Spirit, or whatnot -- that's one of the ways malware spreads in the PC and even Mac world. They could conceivably make infected versions of any Jailbreak or cracked app. And they sure could make fake versions or mirrors of web-based Jailbreak sites.

Should this scare you? Yes. The likelihood of a fake Jailbreak program is probably a lot lower than a fake Jailbreak website, or worse -- just a random website armed with the exploit.

Should Apple fix it immediately? Yes, even though they'll get accused of "shutting down Jailbreak" again. Zero-day, in the wild. This is as bad as it gets. Sure it's convenient and many people want an easy Jailbreak but this is just too easy to go way beyond Jailbreak.

Apple's not the fastest company on the planet when it comes to patching exploits, unfortunately, but hopefully this spurs them on to newer, faster, action.

In the meantime, if you're sophisticated enough to really examine what you click or tap before you download or activate something, if you know the source of what you've got, where exactly it comes from, and what precisely it's going to do before you use it, you're probably fine. If you're the one who's PC keeps getting infected from Limewire downloads and fring pr0n sites, then start being careful. Don't click or tap on random links, don't go to websites you don't trust.

Everything has a good and bad side. Nothing comes without a cost. Breaking into the root jail of an iPhone or iPad means you've stripped away Apple's signing system and sandbox. That can help you get useful customizations and controls, and it can help bad guys get your information.

UPDATE: There seems to be some confusion in the comments. This exploit is potentially dangerous whether you Jailbreak or not. Web-based, zero-day exploits in the wild are serious. Apple needs to patch it asap.

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, ZEN and TECH, MacBreak Weekly. Cook, grappler, photon wrangler. Follow him on Twitter,, Google+.

More Posts



← Previously

iPhone 4 jailbreak enables FaceTime over 3G

Next up →

iTunes cloud-based music taking a back seat to streaming video?

There are 74 comments. Add yours.

John says:

Apple products are all safe and secure out of the box. I don't trust this article.
Anyways thanks for the info.

firesign3000 says:

In my experience with my 3G it was never worth it for the performance hits, loss of visual voicemail, and other problems I had. Jailbroke twice, restored it to factory both times. On my 4 it's not worth the chance to me at all. The only reason would be for tethering, and I don't need it that bad. But yes, I agree this is a huge security hole that Apple needs to plug, and to hell with what the whiners say about freedom and blah blah blah.

firesign3000 says:

John --> You just keep believing that. I've got a bridge in Brooklyn for sale too.

John says:

Jailbreak is not good for the iPhone... It creates bugs that Apple has to fix.

francolasalsa#IM says:

Hopefully rock and cydia will one day be able to install without having to jailbreak . This is all apples for being so Stalin esque.

francolasalsa#IM says:

Can you beileve Microsoft behaved like this with their PC OS , how back would we be in terms of development

Tim says:

I did the last night and had this exact thought process. I am not one of the people you refer to in the article, always fighting virus's. I consider myself a pretty computer savvy and safety conscious person. So I could not help but to have all the same thoughts as I watched a website do what use to be such a labor intensive process. I thought to myself, what else could someone do using this process, what if there was not a "slide to jailbreak"? What if I just went to a fake and suddenly found myself explaining to Apple that I was not the one who ran my iTunes bill into the thousands. I think the fan boys would argue to defend their Apple overlords, but I feel that this is such a large error that some serious attention should be drawn. If this same issue was presented on a Windows Mobile phone, the blogs would be lit up with mockery of a failed OS. But who dares to confront the men in Cupertino. I know that I will be much more cautious of the sites I visit from my iPhone and iPad knowing this exploit exist.

Tim says:

@John "all safe and secure out of the box" but yet this hole exist weather you have jailbroke or not, Just because you have not ran the jailbreak does not mean that a site is unable to inject code and take control. Enjoying the kool-aid?

Vince says:

Well, by your rationale, wouldn't it be better found first by those that are not malicious (White Hat) than the Black Hat folks first so that Apple can plug up the hole? It's not as if the bad guys may not be looking too - would you rather they find it FIRST? Now we (and more importantly) Apple know it's out there and can be plugged up.
Don't paint the iPhone Dev team / comex as the the bad guys here - they've provided a service for free that no one is forced to do. In fact, the Jailbreak scene will likely released a way to block this exploit before Apple does. They're not out to do harm.
The flip side is that now I'm able to use FaceTime over 3G, which you know... works pretty great. The wifi necessity is an artificial roadblock set by AT&T and Apple. It works. Will it bog down the network? Not my problem exactly - that's what I pay AT&T $130 a month to figure out.
This is chicken and egg stuff really. Why Apple don't throw money at these guys and hire them for security is beyond me. If there is a group out there that is consistently and constantly beating you to the punch, he's not your enemy - he should be your greatest ally.
Plus, from the comments above, most of the world is completely clueless about Jailbreaking.

t0m says:

@John Really hope you're not as dumb as you sound.

icebike says:

What if I just went to a fake and suddenly found myself explaining to Apple that I was not the one who ran my iTunes bill into the thousands.

Freudian slip?
Android central has an app featured in a story that will root your Droid direct from the market. Dhe difference in mind set is amazing.

iphone4 user non-jailbroken says:

its the jailbreakers who will suffer, hope you all brick your phone

Lithium says:

Renee, really don't hope I sound rude here, but we visit this website for updates and information, not for your opinions. In this article, it almost seems as though you've been told by the big Apple itself to try to persuade us away from the jailbreak, and you're encouraging Apple to step up even more against consumer freedom.
Your words:
"Apple’s not the fastest company on the planet when it comes to patching exploits, unfortunately, but hopefully this spur them on to newer, faster, action."
Also, I would just like to suggest to you, without meaning any disrespect, that you proofread all your articles and possibly even have someone else proofread them for you before posting. Some of the little inaccuracies can be extremely distracting, and oftentimes force me to re-read sentences just to correct it in my head before I can continue.

JD says:

I think @John was joking ya'll.... at least I got it.

HungWell says:

You guys are idiots. You don't even have to jailbreak to be vulnerable to this. ALL iPhones have this hole whether or not you've jailbroken. The jailbreak just uses this vulnerability to load Cydia. Once again, I'll say it OUT OF THE BOX THIS iPHONE IS NOT SAFE. There is due to be a Cydia loaded program that will actually warn you if someone tries to use this on your iPhone, and yes, until Apple patches this, that means only jailbreakers will be safer.

Boots says:

You can't brick a phone IDIOT... Restore = unbrick

^ lol says:

oops damn was trying to get iphone4 user non-jailbroken :(

icebike says:

Did you not read these two Paragraphs in the story:

Evildoers could conceivable make fake or compromised versions of *ra1n or Spirit, or whatnot — that’s how malware spreads in the PC world. They could conceivably make infected versions of Jailbreak or cracked apps. And they sure could make fake versions or mirrors of web-based Jailbreak sites.
Should this scare you? Yes. The likelihood of a fake Jailbreak program is probably a lot lower than a fake Jailbreak website, or worse — just a random website armed with the exploit.

If these guys can do it with web site, what can other nasty guys do with their web site?
This isn't about Rene's opinion, its about common sense. Did you learn nothing in the era of drive-by-installs?

Tim says:

"Freudian slip?
Android central has an app featured in a story that will root your Droid direct from the market. Dhe difference in mind set is amazing."
What does that have anything to do with? All I was saying is, lets say you find yourself on a compromised site, I used as example, but it could be your droid central site, who cares, the hole is there and who knows what could be done with it. If a blackhat decides he wants to purchase apps and songs from iTunes from your account, whos to stop him.

howens says:

Lithium, no offense, that was rude. Renee is in charge of, he can post as he likes. He is entitled to an opinion just as you are. TIPB is the same position as we are with iPhone 4...if you tried it, don't like it, take it back. If you don't like it, then don't buy it. I've never heard Renee say that he wouldn't give an opinion.

iphone4 user non-jailbroken says:

and only the jailbreakers will be affected because they are the ones who will visit the sites to jailbreak a phone, everyone knows not to goto a site that seems suspicious.
non-jailbreakers wont be retarted enough to visit a site that can make them vulnerable to an attach, look at the whole SSH issue, no one attacked or held a non-jailbroken phone hostage until the password was changed.
and jailbreakers have to break down a cell phone companies network by enabling features to tether or use facetime over 3g because there too cheap to pay for it.

Mike says:

Wow, I used last night, now I'm a little scared. Renee does make some good points.

Vince says:

"non-jailbreakers wont be retarted enough to visit a site that can make them vulnerable to an attach"
Successful troll is successful. You should probably just stop.

Marty says:

Calm down, evil is and will always be. Any attempt by Apple to patch this or future exploits will not go unanswered. We want our jailbreaks and our cake too.

shollomon says:

Freedom is never free. At a minimum it's hard work. At max you can die engaging in being free.

Keisuke says:

This is a security exploit which jailbreakers have highlighted and used. Not out of malice. But when someone notes the backdoor for everyones convenience, it can also be used by bad guys not clever enough to find it themselves. And the dev team isn't filling Apple in on the exploit. We can only hope Apple pays attention. I want a jailbreak and appreciate their work. But this is a PDF exploit. PDFs run immediately on iPhones. Hence even the most savvy user can be tricked if they think they are getting what they want.
This exploit is easily hidden and requires very very little work from the user to let it happen should they want it. I am happy with needing to plug in 20 seconds to jailbreak than a dangerous web browser exploit being shown to every black hat in the world and noting how to execute native code on my
iPhone through Safari

Church burner says:

You do t have to be jail broken for exploit to work. What do you not understand? The jailbreak uses one of the countless safari holes that exist to install. This particular hole involves how PDF files load. So, if someone attaches malicious code to a PDF file hosted on your favorite website ( you will be hacked. Keep in mind this is only one of the many mobile safari holes. So that means EVERY IPHONE USER is at risk of a hack. Educate yourselves before commenting.

Charlie says:

I own an iPhone and an iPad, and I'm sitting here doing something that I frankly haven't done since I purchased my iPad. I am sitting on the couch with my Macbook Pro on my lap (and I'm not editing photos or balancing my checkbook). This exploit really has me freaked out, I am not going to be using my iDevices for web browsing until this is fixed.
Rene, I absolutely agree with this post, BUT Tipb can't have it both ways. Your site, not you to be fair, posted several articles about this new JB and how to mitigate the many issues it caused (facetime, mms, etc). Your site promoted this exploit and presumably benefited with page views, when in fact that's exactly what this is, and exploit. How do we have any idea that the guy that posted this isn't stealing everyone's data that JB's through his site? I really think it's irresponsible to promote this as anything other than a zero day exploit that's in the wild (I actually emailed Gruber saying something along these lines earlier in the day - I'm not saying he actually read my email, but I at least am not parroting DF).
At this point, really what value does Jailbreaking even bring to the iphone experience? The last thing that made me even consider it, GV Mobile, no longer works due to iOS and changes to the Google Voice api. I honestly don't see any reason why this needs to continue. We should not be encouraging people to go to this site that no one knows the providence of and submit to an exploit which no one is really sure of what the author's motives are.
With that said, I really hope Apple fixes this soon and really ramps up their security. A vulnerablity of this magnitude is scary and a huge chink in the armor of Apple's security record (especially since it closely follows the Safari Address book vuln) I hope they take a look at their current security practices and work toward preventing this from happening in the future.

Jaredkaragen says:

Funny how "it's jailbreake that CREATES bugs that apple has to fix" is said up top...
Stupid people... Dumb cattle... Follow the heard, or in your case your imaginary heard on uninformed/uneducated land...
This is a DANGEROUS exploit... I just recorded what the site does to enable code execution like that...
Woah... Talk about making a webpage that can screw up any device in a heartbeat...

Church burner says:

@Charlie your logic on not using your iDevices is priceless. If I told you too much sun gives you skin cancer would you become agoraphobic?

Charlie says:

Ok...I guess. I'm not using it because I can't trust it, the same reason I didn't use IE 6. This exploit could be on any site (I'm not saying it is, but it could be at some point). All it takes is for a blackhat hacker to infect a legitimate site with something that loads this exploit and it's over.
At that point, since we don't have root level access (ironic isn't it) or any type of malware protection on iPhones, there would really be no way to tell you've been compromised. I have a lot of personal information on my devices and I really don't want to risk not knowing I can trust the integrity of my device.
Your analogy doesn't quite hold up. I have confidence that Apple will fix this within the next couple of weeks and I have other devices I can use to access the web, or gasp I can stop accessing the web for a while. A temporary measure to avoid an unnecessary risk doesn't exactly make me agoraphobic.

Charlie says:

Also, I skin cancer runs in my family, so no I don't go out in the sun without protection - no different then my computing habits.

Mark Johns says:

It's now time that Apple allowed a user to jailbreak and stop blocking it. You've had a great run but give the people what they want.-

HungWell says:

@Mark Johns- It's actually good that Apple tries to prevent jailbreaking. That way the GOOD GUYS find these exploits first. THOSE OF YOU WHO ARE JAILBROKEN: Check Cydia tomorrow- there should be an app that will give you a warning that a PDF is about to execute and give you an opt out. THOSE OF YOU WHO AREN'T JAILBROKEN: Sorry but it it YOU who are screwed this time.

Jason masters says:

There's no need to worry no one has sensitive info in their iPhones that's only blackberry users lol!!!

Charlie says:

This is what I am afraid of:
"However, the exploit used to jailbreak iPhone, iPod and iPad devices is reportedly about to be turned against the hacking community, we’ve been told. Once the exploitation method is disclosed to the public, black hat hackers would be able to take advantage of it by setting up their own websites that could load malicious code onto your device. This is done through the jailbreakme PDF exploit. Under this method, it would be possible to steal your address book, text message database, or much worse. "
Pretty nasty stuff.

(Copy of) Dev says:

This really has nothing to do with jailbreaking, except that the first usage in the wild (that we know of) is to facilitate jailbreaking. This is automatic, privileged execution of remotely delivered code. This type of exploit is on par with any of those that doomed Internet Explorer (reputation, if not market share), and Apple needs to close this hole yesterday.

HungWell says:

This will be a true test to see how fast Steve Jobs can jump start his iLiver and plug this hole in Safari.

Charlie says:

I'm officially off of Safari on the desktop now (I know this was already patched on OS X), but there were already so many factors pushing me towards Chrome to begin with (superior extensions, sandboxed tabs and plugins, that cool little search feature that shows where on the page what your looking for, the ability to type a website hit tab and search the site, google voice extension, the list goes on.
Now I have more confidence that the recently announced frequent updates to Chrome are going keep it safer than Safari as Apple's recent stance on security has been extremely reactive. When Chrome is patched you typically find out about the vulns after they were patched, not the other way around.

Vince says:

PDF, hmmm? Good old Adobe in the mix once again.
Anyway, fact is that this exploit obviously existed before and doesn't seem that complicated. The jailbreaking really changes nothing in this situation.
If a bank leaves the door open in the middle of the night and I walk in and don't take a single thing, but just walk right back out... am I a bank robber? If I tell the bank and someone else that the door is unlocked, the person decides to rob the bank. Am I now a bank robber? What's the banks responsibility since they know too?
It's not the greatest analogy, but hopefully you get the picture. People can rob the bank, and it'll affect other people... and their money, but maybe, just maybe the bank shouldn't have left the door open.

Vince says:

@Charlie, I use Chrome religiously... Dev Channel, I'm actually ahead of the game. I was recently infected by spyware. How? Flash vulnerability. I've since disabled flash. You're never truly safe, so don't think switching to Chrome will solve everything.

Charlie says:

@Vince that is why I use flashblock. I only load the flash I actually want to see.
But, especially with that type of vulnerability, you're better off with Chrome if you aren't going to use flashblock/click2flash because Chrome will automatically keep your flash up to date. There isn't any other automated way in OS X to do that that I am aware of.
Also, you might be better off running the stable branch. It is possible that there could be bugs in the Deve branch that could lead to an infection (it's also possible in the stable branch, but less likely).

Charlie says:

Also, I should clarify, I'm not saying that Chrome is the cure all for security woes, but basically since Chrome's inception it's had a better security track record than Safari. I can think of several fairly widely reported Safari security vulns, but I can't think of any for Chrome. It was also the only browser not to be exploited at PWN2OWN the past two years.
There is no perfect solution for security, but I've given Safari enough chances here, and they really don't seem to be getting any better (plus as I said in my post above, there are a ton of little features that I've grown to love in Chrome, usablity is head and shoulders above Safari). I honestly think that Microsoft may be lapping Apple when it comes to security which is really sad. Apple needs a Trusted Computing Initiative like MS went through towards the end of Bill Gate's tenure.

(Copy of) Dev says:

According to Charlie Miller (via Gruber) this was not an Adobe bug, but an Apple one.

Josh says:

How many jailbreaks have been made and loopholes found? If the iPhone was secure out of the box, then there would have been no chance of a jailbreak. Go play in traffic

iName says:

like you said as long as you go on trusted sites you have nothing to worry. the same goes for any device where you would connect to the internet. this article is nothing but fear mongering.

ThisBrian says:

There is a fix for this security flaw, I did it and it works. But you have to be jailbroke to do the fix. Go to this article at
I used the iFile method. It gives you a dialog box if Safari tries to download a PDF.

Eagleyesmith says:

Although I love jailbreaking, this article has a really good point. I just wish that Apple would just allow these programs into the AppStore and we wouldn't even be here right now. But only in a perfect world, if only.

iBlackdude says:

Why I jailbreaked/unlock? To use my iPhone with Tmobile USA or any other carrier when I'm oversea.
and don't try to be rude with us, Jailbreakers. Because, WITHOUT US, YOU WILL BEIN A CUBICLE DOING A 9 to 5 Job !!!!!!!

dtothep says:

People are so petty and self-important. They love to name check huge corporations like they're players in the game as well. This article, common sense as it is, flew straight over the heads of many commenters. The author hit the nail on the head with that limewire reference. Those are the people who make customer service jobs hell. Hooray for user error!

fastlane says:

I've decided not to jailbreak anymore since 4.0... but if I did, I'd at least wait for the Dev Team's. :roll:

Steffen says:

Since the jailbreak, 3G radio on an iPhone 3GS won't work any more - gives a "no signal" all the time. Switching off 3G will fix that.
Anyone else experienced that?

DGAdams says:

@Steffen You have to reset the network in the Settings app. I had that problem and this fixed it.

mistafuture says:

Okay.....yes this is the fastest jailbreak so far. We are now clear about the exploit being there regardless of jailbreak. Here is the question you should all ask & then shut up! When is the last time the DEV TEAM let you down or provided information they didn't feel was ready for the people!? Okay then..exactly! Never. So shut up with ya non sense about something free that benefits....and this is only in response to dumbasses in the comments. Rene's article is food for thought. Thanks Tipb

davidcevans says:

Great article Rene. I won't jailbreak my phone because I have work-related info on it. It's important to understand the risks you take with information, and this article is very informative to that end

robotphood says:

Exploits are there whether there is a jb or not. If anything this will get apple to patch it asap. Just be safe and use common sense.
As for the usefulness of jailbreaking I guess some people don't understand that some iPhone user just need a bit more than what apple allows. This doesn't just include tethering or FaceTime on 3G (not even possible if you wanted to pay for it). How about a real task switcher, real backgrounding, quick reply capability, control over alerts/notifications, a useful lockscreen, theming, GV mobile+ (still works beautifully), etc.... Some people definitely do not need these capabilities but some do. Other smartphones have had them for ages but Apple's simple elegance and quality is still unmatched. Once the exploit is patched you'll be "safe" "again". Let us have our jailbreak, don't drive us to the surging monster called android.

Ahaha says:

Funny tha,t the only way right now, to close this exploit is to jailbreak and then patch files yourself. Sinfuliphone has instructions on how to do it.

cardfan says:

I'm with Rene on this one. Patch this was too easy.
But let's call for apple to get some OS updates done. Mywi says a hotspot app can be done. Where is it Apple? Instead of worrying about itunes in a cloud or gamecenter, why not address the real (basic?) shortcomings of iOS? More consistent multitasking, better notifications, ability to change tones, etc.
A year from now i wonder if i'm still going to be sitting around waiting for a few geeks to find exploits or if i'll switch to a more flexible platform that isn't focused on ending the tradition of tweaking your smartphone. That retina screen won't be an advantage for too long before android device makers equal or better it and google just needs to catch up in other ways. Or maybe HP/palm has a surprise for us.

HungWell says:

I can't believe after after 60 posts here, people just don't get it. They think if they don't jailbreak, they can't have a problem. Take a peek 4 or so posts up @David. He thinks his work info is safe because he didn't jailbreak. RENE: I think you better rewrite this article or write a new one. They're just not understanding.

shollomon says:

Yep, they aren't getting it. The hole exists whether you jb or not. The current jb is an example of an exploit using the hole, others that are malicious could be written. The authors of the jb exploit did not create the hole. You are vulnerable to a pdf exploit if you don't jailbreak.
If you do jailbreak, you can go to Cydia and install PDF Loading Warner. This small app will pop up a dialog that alerts you that you are about to download a pdf and asks if you want to continue. If you were at a trusted site and were expecting a pdf, you continue, if not.... This is not real protection but its better than the no protection you have if you are not jailbroken.
Once again, jb does not create security holes, it uses holes that already exist to install the jb software.

davidcevans says:

@HungWell and @sholloman; I see why my comment in haste was misinterpreted - I didn't mean "I'm safe because I don't jailbreak". There is no such thing as perfect safety, and yes this vulnerability that enables jailbreaking can also be used to get into my phone if I click incautiously.
I was responding to Rene's theme that people sometimes Jailbreak without understanding that the controls they remove also offer an element of protection. With or without jailbreak, there are vulnerabilities, but jailbreaking certainly introduces a whole new axis of vulnerability. If you're savvy enough to understand the risks you're taking and mitigate against them, then fine, otherwise, I thought this was useful and instructive for those who otherwise might be ignorant.

HungWell says:

@David- the control that you are removing by jailbreaking is essentially trusting that the jb apps you load aren't either malicious or creating ways for others to be malicious. It has already been proven that apps can sneak by Apple into their app store without Apple knowing all that they do ie. Handy Light was a tethering program posing as a flashlight app. Fortunately this wasn't an evil disguise. As long as there are malicious people there will be malicious acts. I believe the risk of more functionality with my phone is worth the jailbreak. I try to be as cautious as possible, loading apps that many others have tried before and practice "safe browsing" as much as possible. I'm also very lucky- just this morning I got an email from South Africa saying I won their lottery that I didn't even enter ;)

justincirello says:

Come on everyone
Kick back and enjoy your gorgeous iPhone 4's. Don't worry about so much about what other people are doing
If you want to jailbreak, go right ahead. If you're like me, and are just turned off to the idea- then just don't do it.

sumsangtrade says:

Ipad ia a great product at present. I bought one Apple Ipad from in competitive price. It bring me a lot of convenient. I like it very much.

Helmacc says:

Ok there's a hole in there. So what! If there was no hole at all, there would not be any jail break so shut up already!!!!

Jon says:

Mostly directed @iBlackdude:
I wonder how long it would take to emulate the styling (it's just a bit of CSS and jQuery), and create a phishing page that prompted users to log into iTunes? That scans the phone for email addresses, credit card numbers, and so on? That bricks the phone outright?
The point Rene is making is that these exploits can easily be used for malign purposes, and in most cases the average user would be totally clueless. No matter your opinion on jailbreaking, every sensible person would want their phone to be as secure as possible. This exploit is just that, an exploit. The hole should be closed to ensure the integrity of the device, and the data on that device.
This isn't about the politics of jailbreaking at all.

Glenn#IM says:

Folks, read the tech news reference what the criminals are looking at. There are so many iPhones, iPads, and more. As they become more popular, the criminal element is now looking hard at these devices. Case in point, wallpaper program that on the user end looked like any other type of nice wallpaper, but the criminal developer in China was obtaining personal information from the user's device. They will attack your device by any means. Jailbreaking could be just one way. It may not be the jailbreak program at all, but the app you downloaded from the new non apple app store that just did not have the same security. Even apple with all it's checks had the same rotten app problem. What can be obtain you ask. You location, your address book/contacts. Any information on the device. You iTunes account ingirmation. Horror stories on that one. How quick we forgot. A friend told me she was charged 400bucks in iTunes. It was not close to her normal activity, and not even her bank or apple question it. Just be careful. I am not against jailbreak, but it is a new venue for the bad guy. Be careful.

Anamosity says:

Devteam rocks! Right now the only protection against that vulnerability is provided by jailbreaking your iPhone. This is only on of several exploits that has been bright to attention by the jailbreakme method. Others do exist that very few know about. Luckily, as soon as this one gets patched, devteam has more to work with. Jailbreakers are doing apple a favor by finding them. Let's see how fast they fix them.

Rene Ritchie says:

Folks, please read the post carefully. This has NOTHING TO DO WITH JAILBREAK. This is about the seriousness of a web-based, zero-day exploit in the wild.
The only connection to Jailbreak is that Comex found and used it first, but a bad guy could just as easily use it as well, whether or not you happen to be Jailbroken.
(Though hopefully Comex reported it to Apple the moment he found it so they could get a fix deployed asap).

imop45 says:

I'm kinda glad I have a Palm Pre. To "jailbreak" you just type in the Universal Search "upupdowndownleftrightleftrightbastart" and a dev app comes up.
Almost all patchs are OTA, and the whole phone is super open.
to close down the "jailbreak" while still retaining OTA access, you just pull up the dev app again.
simple as one two three, and no worries abt jacking things up too bad.
Apple has made it seem like hacking is the devils work-its not 1980 anymore.