iPad and iPhone users should be extra careful when processing PDF files until a patch emerges for this new zero day attack.
Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
QUOTE: Three days ago a new version (v3) of Jailbreakme (aka jbme3.0), the website used to jailbreak Applie iOS devices (such as iPhone, iPod Touch and iPad), was released. The site takes advantage of userland-based exploits to take full control of these devices by simply visiting a web page. This v3 version makes use of a 0-day PDF vulnerability on a first stage, and a iOS kernel vulnerability to elevate privileges on a second stage.
The common but not very realistic recommendation applies: do not open “malicious” PDF files or visit untrusted websites (using Mobile Safari)! I always wonder how end users can determine if a PDF or web page is malicious before opening it… probably those that contain the word malicious on its name or domain name 🙂