Steve Jobs may have another reason to keep Adobe on his enemies list (alongside the Copyright Office and the Congressional Librarian, which has deemed jailbreaking of smartphones legal): Hacking your iPhone and iPad to run non-Apple approved software has just gotten a lot easier with a newly released mobile app called JailbreakMe, which reportedly exploits a vulnerability in PDFs, not in Safari as previously thought.
Those who initially pinned Safari for the exploitable vulnerability deserve a little slack, given that it's the second most vulnerable application out there today, according to security firm Secunia. But now word has it that JailbreakMe -- which runs directly on an iDevice instead of requiring a PC -- uses an exploit in a component for displaying PDF files. According to PC World's Mike Keller, "The hack simply uses Safari (which can obviously view PDFs) to load a custom file containing the jailbreak code."
[ Take InfoWorld's tour of the 21 apps Apple doesn't want on your iPhone. | Also on InfoWorld: The feds recently lifted restrictions on jailbreaking Apple iPhones. | Stay ahead of advances in mobile technology with InfoWorld's Mobile Edge blog and Mobilize newsletter. ]
Notably, Adobe did publish a work-around for a PDF vulnerability in April: The "Launch Actions/Launch File" function in Adobe Reader allows the launching of scripts or EXE files embedded in PDF files. It certainly sounds like the vulnerability that JailbreakMe exploits. Perhaps someone in the security research community will be able to confirm or deny that possibility. But whatever the case, Adobe is to thank or to blame -- depending on your perspective -- for the effectiveness of JailbreakMe.