
I think the issue is not their security team, who seem to do quite a good job securing iOS (which I'd consider one of, if not the most, secure consumer operating systems out there). The issue is that securing an OS is hard. It's hard to make it that someone with physical access to the device cannot just run code on it, which is what jailbreaking (in its purest form, on iOS devices) is.


Arbitrary code execution is different than requiring physical access to the device. The JailbreakMe site could have run malicious code and it could have spread itself and run without the user knowing.


I was talking about the majority of jailbreaks, not JailbreakMe. Most jailbreaks are done at the low-level bootloader level, which does require physical access to the device (as well as pressing a bunch of buttons in a certain way); and even that doesn't get you access to the keychain or anything it protects.

Also, even if JailbreakMe was malicious (or somebody used the same code or exploits in a malicious way), it could not "spread itself": it was a browser exploit (although it would be possible to run without the user knowing).


> Also, even if JailbreakMe was malicious (or somebody used the same code or exploits in a malicious way), it could not "spread itself": it was a browser exploit (although it would be possible to run without the user knowing).

It could certainly spread. Maybe it could SMS a link to a malicious download to your most frequently contacted contacts? Being able to run arbitrary code on a device that knows how to contact all your friends certainly introduces some vectors for attack.


FYI, it is a PDF-based exploit, meaning all users have to do is open a malicious PDF.


It's a font-based exploit, not PDF. The particular implementation on JailbreakMe used a PDF, but it could easily work in @font-face with CSS on any webpage (or, as we did on JailbreakMe, just hiding an <iframe> to the PDF).


Actually, in the long run it is impossible to make it that someone with physical access to the device cannot run arbitrary code on it.

See the first of the 10 Immutable Laws of Security: http://technet.microsoft.com/en-us/library/cc722487.aspx



