Originally Posted by jragosta
It would help if you read my entire post:
I specifically stated: "Yes, this is a serious flaw that needs to be fixed."
It is NOT a problem that's going to affect many people at this point since you have to intentionally go to the site and intentionally tell it to jailbreak your phone. That doesn't mean it shouldn't be (or won't be) fixed. It just means that it's not hurting anyone at this point. You can be sure Apple will fix it.
Yes, I did see the wiggle room you tried to give your self in attempting to minimize the scope of the problem here. The problem is that you look really foolish saying "Yes, this is a serious flaw that needs to be fixed" and the following that up with "It's not at this point a serious issue". So, saying it is a serious problem but not a serious problem doesn't add more to your credibility.
Unfortunately, you are wrong in the excuses you tried to use. Who gives a fuck what this particular site requires to use the exploit, in terms of the user having to initiate it. The problem is that this exploit is in the wild. The problem is that it might affect sites you trust. The problem is that it could be crafted not to require user authorization and or hide what you are actually authorizing. The problem is that if you have been using your browser over the last few days to read a PDF (or a PDF from another source) you might have been jacked...you just don't know it. In fact, it doesn't matter how many people visit this site. Could be millions. How cares? That site is not the risk.
It is a serious issue. And I am certain Apple will fix it. They already did over a month ago on Mac OS X, so they should be able to get it out very quickly for iOS.