Apple has confirmed that it is working on security patches for two milestone security flaws that make it feasible for an attacker to remotely jailbreak your iPhone and install malicious programs, according to this CNET report.
No such attacks are actually taking place yet, says Symantec researcher Kevin Haley, adding that the vulnerability also affects the iPad and the iPod touch.
Jailbreaking iPhones to load Web apps not approved by Apple used to be difficult. And anyone who did so to his or her iPhone risked Apple shutting down service, or “bricking” the device. But there’s a popular jailbreaking app available at jailbreakme.com. And the Electronic Frontier Foundation recently won a federal ruling banning Apple from bricking jailbreaked iPhones.
Until now, there was no known way for an attacker to remotely jailbreak into someone else’s iPhone. Germany’s Federal Office for Information Security issued a warning that the newly disclosed security flaws could allow an attacker to read passwords and e-mails, eavesdrop on calls and use the built-in camera phone.
No word from Apple as of late Wednesday when the security patches might be available.