When does Apple expect to issue that fix? The company won’t say.

[Image credit: Engadget]

The flaw was first demonstrated Thursday. “This is serious. The only thing you can do to prevent it is turn off your phone,” security researcher Charlie Miller said of it earlier this week. “Someone could pretty quickly take over every iPhone in the world with this.”

Well, not anymore, as Apple (AAPL) was quick to note. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said an Apple spokesperson. “Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”

The flaw was first demonstrated Thursday. “This is serious. The only thing you can do to prevent it is turn off your phone,” security researcher Charlie Miller said of it earlier this week. “Someone could pretty quickly take over every iPhone in the world with this.”

Well, not anymore, as Apple (AAPL) was quick to note. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said an Apple spokesperson. “Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”

Two and half weeks or longer to wait for a critical patch.

In the meantime, exploits for the flaw will no doubt grow in number and cunning–a nightmare since the PDF format and Adobe’s related apps are so widely used. “Right now we believe these files are only being used in a smaller set of targeted attacks,” security group Shadowserver said in an advisory on the matter. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet.”

Shadowserver recommends disabling Javascript in Acrobat and Reader to limit exposure to such attacks. There are, of course, other solutions as well–Foxit for Windows users, Preview for Mac users, and Xpdf for Linux users.

Two and half weeks or longer to wait for a critical patch.

In the meantime, exploits for the flaw will no doubt grow in number and cunning–a nightmare since the PDF format and Adobe’s related apps are so widely used. “Right now we believe these files are only being used in a smaller set of targeted attacks,” security group Shadowserver said in an advisory on the matter. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet.”

Shadowserver recommends disabling Javascript in Acrobat and Reader to limit exposure to such attacks. There are, of course, other solutions as well–Foxit for Windows users, Preview for Mac users, and Xpdf for Linux users.

Well, there’s a shocker. IE’s catalog of vulnerabilities and the security bulletins announcing them are so voluminous and overlarge at this point, it takes Security Focus 18 pages to list them all. So reports today that IE suffers from a vulnerability that affords attackers access to any sensitive data on your PC isn’t unusual. What is unusual is that the flaw–found in all Windows versions of the browser–has gone unpatched for so long that it’s being widely exploited. “Based on our stats, since the vulnerability has gone public, roughly 0.2 percent of users worldwide may have been exposed to Web sites containing exploits of this latest vulnerability,” the Microsoft Malware Protection Center said Saturday. “That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50 percent in the number of reports today compared to yesterday.”

And that was three days ago (the Microsoft Malware Protection Center has been oddly silent the past few days).

What’s an IE user to do? Microsoft has a few suggestions–“follow our Protect Your PC guidance” (… BAHAHAHAHA)–but really, at this point it’s obvious what needs to be done. Find. Yourself. Another. Browser.

Here’s looking forward to the next browser market share report….

[Image credit: Bill Navarro]