Yep. This is a HUGE hole, allowing unrestricted code execution at root level. The kind of vulnerability that many here have claimed over and over can never happen on any Apple device. It's impossible, it's invulnerable, and anyone stating anything opposite was a liar and simply creating FUD.
And now we find that just visiting a website can compromise your entire iOS device at the root level.
Apple should have this hole closed today. Anything longer than that shows they really do NOT care about security. This is about the worst hole you could have in a MID (Mobile Internet Device).
Whether or not the Librarian of Congress says that jailbreaking is legal, Apple has no responsibility to support (i.e. not brick) the jailbroken phones, since that clearly voids the warranty.
I fully agree, and I don't think anyone is saying anything differently. The big change was that Apple can no longer come after you for jailbreaking your phone. But if you do, you're responsible for what happens.
If I were Apple I'd be pretty pissed off about now, and itching to correct the flaw that allowed this hack.
What's interesting - the hole exists in the PDF reader. The reader that APPLE wrote, since they deemed Adobe's reader as "too vulnerable" (and not so surprisingly, the Adobe Reader does not have this vulnerability). This is 100% on Apple's head, they created the hole, it's been distributed for at least 2.5 years, and there is NO WAY of knowing if it's ever been exploited, since any exploit can cover its tracks.
So much for the vaunted invulnerability of iOS!
No need to crow. :) I understand you’ve taken a lot of heat on the forum in the past about this, so a certain amount of “I told you so” is perhaps warranted. But let us move forward to encourage Apple to close this up pronto. No one benefits from -any- manufacturer having gaping holes lying around.