Zero-day vulnerabilities in several versions of Apple’s iOS allow malware to be transferred from infected PDFs onto devices, giving criminals access to confidential data, according to the German Federal Office for Information Security.
Apparently the problem may affect iPhone 3GS, iPhone 4, iPad, iPad 2 and iPod Touch devices with software versions up to iOS 4.3.3.
The German agency said that no attacks exploiting these weaknesses have so far been reported, but users are urged not to open PDFs of unknown origin.
“If things turn bad and we see an iPhone outbreak via the new PDF vulnerability, there’s not much you can do,” Mikko Hypponen of the security company F-Secure told the Guardian newspaper. “There are no antiviruses available on the iPhone.”
Apple has yet to offer a patch for the flaw, which was reportedly discovered by a team of hackers, known as Jailbreakme.com, working on software to “jailbreak” the iPhone. The group has also offered a patch, but installing it requires the user to jailbreak their phone.
Jailbreakme announced yesterday the latest version of its jailbreaking software, Jailbreakme 3.0.
The creator of Jailbreakme, ‘Comex’, writes on the site: “Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune; due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure.”
However, Graham Cluley, senior technology consultant at Sophos, warns that while Jailbreakme appears not to have malicious intentions, it still provides a blueprint for criminals.
“Apple will be furious that this vulnerability has been made public in this way, and that they have not yet got an official patch to protect their millions of users,” he wrote on the Naked Security blog.
“I don’t want to be a party pooper for those who wish to jailbreak their Apple devices, but it’s essential that Apple closes this vulnerability as quickly as possible before it is abused with malicious intent.”
Apple has sold more than 200 million iPhones, iPads and iPod Touches.
Responding to previous media reports, Jailbreakme’s ‘Comex’ wrote: “I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.”