Apple has confirmed that it is working on security patches for two milestone security flaws that make it feasible for an attacker to remotely jailbreak your iPhone and install malicious programs, according to this CNET report.

No such attacks are actually taking place yet, says Symantec researcher Kevin Haley, adding that the vulnerability also affects the iPad and the iPod touch.

Jailbreaking iPhones to load Web apps not approved by Apple used to be difficult. And anyone who did so to his or her iPhone risked Apple shutting down service, or “bricking” the device. But there’s a popular jailbreaking app available at jailbreakme.com. And the Electronic Frontier Foundation recently won a federal ruling banning Apple from bricking jailbreaked iPhones.

Until now, there was no known way for an attacker to remotely jailbreak into someone else’s iPhone. Germany’s Federal Office for Information Security issued a warning that the newly disclosed security flaws could allow an attacker to read passwords and e-mails, eavesdrop on calls and use the built-in camera phone.

This raises major security questions:

How quickly will cybercriminals move to remotely exploit these zero day vulnerabilities?

Will vulnerability research by grey hats and black hatsÃ‚Â accelerate now that remote jailbreaking is possible?

How soon before malware to scam consumers and drive deeper into corporate systems via jailbroken, malware-carrying iPhone, iPads and iPods become common place?

LastWatchdog is seeking some answers. No word from Apple as of late Wednesday when the security patches might be available.

By Byron Acohido

August 5th, 2010 | Imminent threats | Top Stories