Apple Insider reports that the browser-based jailbreak for iOS devices, including the latest iPhone 4, takes advantage of a "scary" PDF security hole that could be used to hack Apple's mobile devices by having the user visit an infected website.
Sean Sullivan, security advisor with F-Secure Corporation, revealed on Tuesday the technical details of the jailbreak process, which is done entirely in the Mobile Safari browser. The jailbreakme.com site includes 20 separate PDFs for different combinations of hardware and firmware.
The PDF files rely on a corrupt font, and the same files crash both Adobe Reader and Foxit on Windows platforms. On the iPhone, PDF viewing is built into the Safari browser, and the attack crashes the Compact Font Format handler.
Sullivan also linked to comments made via Twitter by security researcher Charlie Miller, who was analyzing the code behind the browser-based jailbreak as well.
"Very beautiful work," Miller wrote. "Scary how it totally defeats Apple's security architecture."