Workaround: use Opera browser (and be careful opening .pdfs in mail)
Apple is working on a fix for the much-publicized .pdf vulnerability in the iPhone – and might be putting the finishing touches on one – but it looks like it might be a while before it is available.
This isn’t a small problem. There could be nearly 100 million vulnerable iPhones and iPod Touches out there at this point. In the spring, Steve Jobs said that more than 50 million iPhones and 35 million iPod touches had been sold. According to the Wall Street Journal’s “Market Beat” blog, the company is projecting sales of 12 million of the new iPhones by the end of the third quarter (Sept. 30.)
It also isn’t an insignificant problem, since it is very convenient to do one’s banking in the phone’s browser.
There are actually two vulnerabities in the phone that were made public over the weekend. The first is in the Apple operating system software that parses fonts in PDF files. A malicious operator could inject code into the phone’s document-viewing application.
The second vulnerability allows an application to operate outside of the phone’s security sandbox and gain root access.
Using an alternate browser such as Opera might be a good workaround until the problem is resolved. Opera will ask for confirmation before it opens and then renders a PDF file inside Apple s PDF viewer.
Here is a screen shot of the Opera browser asking for permission to open a .pdf file:
(Click to enlarge)
The Opera browser is available in Apple App Store (http://itunes.apple.com/app/opera-mini-web-browser/id363729560).
It’s ALSO important that users exercise caution opening PDF attachments from unknown sources inside of the Apple Mail application.