Apple Zero-Day Threat Revealed

Zero-day vulnerabilities in several versions of Apple’s iOS allow malware to be transferred from infected PDFs onto devices, allowing criminals to access confidential data, according to the German Federal Office for Information Security.

Apparently the problem may affect iPhone 3GS, iPhone 4, iPad, iPad 2 and iPod Touch devices with software versions up to iOS 4.3.3.

By giving attackers administrator rights, the malware could expose text messages, photos, passwords and planners as well as eavesdrop on telephone calls.

The German agency said that no attacks exploiting these weaknesses have so far been reported but users are urged not to open PDFs of unknown origin.

No official solutions

“If things turn bad and we see an iPhone outbreak via the new PDF vulnerability, there’s not much you can do,” said Mikko Hypponen of the security company F-Secure to the Guardian newspaper. “There are no antiviruses available on the iPhone.”

Apple is yet to offer a patch for the flaw, which was reportedly discovered by a team of hackers working on software to “jailbreak” the iPhone, known as Jailbreakme.com. The group has also offered a patch, but installing it requires the user to jailbreak their phone.

Jailbreakme announced yesterday the latest version of its jailbreaking software, Jailbreakme 3.0.

Creator of the Jailbreakme , ‘Comex’, writes on the site: “Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune; due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure.”

Blueprint for criminals

However, senior technology consultant at Sophos Graham Cluley warns that while Jailbreakme appears not to have malicious intentions it still provides a blueprint for criminals.

“Apple will be furious that this vulnerability has been made public in this way, and that they have not yet got an official patch to protect their millions of users,” he wrote on the Naked Security blog.

“I don’t want to be a party pooper for those who wish to jailbreak their Apple devices, but it’s essential that Apple closes this vulnerability as quickly as possible before it is abused with malicious intent.”

Apple has sold more than 200 million iPhones, iPads and iPod Touches.

Responding to previous media reports, Jailbreakme’s ‘Comex’ wrote: “I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.”