Jailbreak for iOS 4.3.3 dents iPhone security
A new untethered jailbreak, JailbreakMe 3.0 for the iPhone and iPad, exploits an issue in Mobile Safari's PDF renderer. Untethered jailbreaks can be performed without the use of a USB cable and a PC or Mac. This means that, like last year's JailbreakMe 2.0, the vulnerabilities that the new jailbreak uses could potentially be exploited by malicious persons to attack Apple's mobile devices. Last year's hole was closed ten days later when Apple updated the firmware and no malicious exploit was seen in the wild.
The author of jailbreakme.com is not concerned with the security implications. In the FAQ he says "There's always a first time, but I think there's a good chance the security impact of these vulnerabilities will remain theoretical". A patch has been made available for the PDF vulnerability, but it can only be installed on a jailbroken device; the patch is available from the Cydia installer and is called pdfpatch2.
Currently the Jailbreakme.com site works with iOS 4.3 through to 4.3.3 on most iOS device, iOS 4.3.3 on iPad 2s and iOS 4.2.6 to 4.2.8 on iPhone CDMA devices. iOS 4.3.1 on iPod Touch 3G is also not supported. iOS 5.0 betas are not supported. More details are available in the dev-team blog.