Apple Zero-Day Threat Revealed

Zero-day vulnerabilities in several versions of Apple’s iOS allow malware to be transferred from infected PDFs onto devices, allowing criminals to access confidential data, according to the German Federal Office for Information Security.

Apparently the problem may affect iPhone 3GS, iPhone 4, iPad, iPad 2 and iPod Touch devices with software versions up to iOS 4.3.3.

By giving attackers administrator rights, the malware could expose text messages, photos, passwords and planners as well as eavesdrop on telephone calls.

The German agency said that no attacks exploiting these weaknesses have so far been reported but users are urged not to open PDFs of unknown origin.

No official solutions

“If things turn bad and we see an iPhone outbreak via the new PDF vulnerability, there’s not much you can do,” said Mikko Hypponen of the security company F-Secure to the Guardian newspaper. “There are no antiviruses available on the iPhone.”

Apple is yet to offer a patch for the flaw, which was reportedly discovered by a team of hackers working on software to “jailbreak” the iPhone, known as Jailbreakme.com. The group has also offered a patch, but installing it requires the user to jailbreak their phone.

Jailbreakme announced yesterday the latest version of its jailbreaking software, Jailbreakme 3.0.

Creator of the Jailbreakme , ‘Comex’, writes on the site: “Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune; due to the nature of iOS, this patch can only be installed on a jailbroken device. Until Apple releases an update, jailbreaking will ironically be the best way to remain secure.”

Blueprint for criminals

However, senior technology consultant at Sophos Graham Cluley warns that while Jailbreakme appears not to have malicious intentions it still provides a blueprint for criminals.

“Apple will be furious that this vulnerability has been made public in this way, and that they have not yet got an official patch to protect their millions of users,” he wrote on the Naked Security blog.

“I don’t want to be a party pooper for those who wish to jailbreak their Apple devices, but it’s essential that Apple closes this vulnerability as quickly as possible before it is abused with malicious intent.”

Apple has sold more than 200 million iPhones, iPads and iPod Touches.

Responding to previous media reports, Jailbreakme’s ‘Comex’ wrote: “I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run.”

David Jamieson

Recent Posts

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

17 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

19 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

21 hours ago