Foxit Fix for “Jailbreak” PDF Flaw — Krebs on Security
One of the more interesting developments over the past week has been the debut of jailbreakme.com, a Web site that allows Apple customers to jailbreak their devices merely by visiting the site with their iPhone, iPad or iTouch. Researchers soon learned that the page leverages two previously unknown security vulnerabilities in the PDF reader functionality built into Apple’s iOS4.
Adobe was quick to issue a statement saying that the flaws were in Apple’s software and did not exist in its products. Interestingly, though, this same attack does appear to affect Foxit Reader, a free PDF reader that I often recommend as an alternative to Adobe.
According to an advisory Foxit issued last week, Foxit Reader version 4.1.1.0805
“fixes the crash issue caused by the new iPhone/iPad jailbreak program
which can be exploited to inject arbitrary code into a system and
execute it there.” If you use Foxit, you grab the update from within the
application (“Help,” then “Check for Updates Now”) or from this link.