Two weeks ago, two vulnerabilities affecting iPad, iTouch, and iPhone devices were disclosed. In a nutshell:
- A buffer overflow in FreeType allows arbitrary code execution from specially crafted PDF files
- An integer overflow in IOsource allows gaining system privileges
By combining both exploits, it is possible to take control of the devices. The site JailBreakMe.com used them to jailbreak iPhones and iPads easily. Jailbreaking allows the use of a network operator other than the one the manufacturer locked the device to (AT&T, in Apple's case). Interestingly, since the end of July, jailbreaking is legal in the US.
Apple has just issued new versions that correct these flaws: iOS 3.2.2 for iPads and iOS 4.0.2 for iPhones. This is a good thing, because these vulnerabilities could be used for more than jailbreaking (although Apple may not have the same view of jailbreaking).