Home / News / Mobile Phone News / Critical Flaw Found On iDevices

Critical Flaw Found On iDevices

David Gilbert

by

Apple Security Flaw

A “critical weakness” which could affect iPhones, iPads and iPod touches has been discovered by German security experts, which could see malicious downloaded software allow access to owners’ personal details.

The wonderfully titled Bundesamt für Sicherheit in der Informationstechnik (more boringly known as the federal office for information security) in Germany has discovered that clicking on an infected PDF file "is sufficient to infect the mobile device with malware without the user's knowledge." This flaw has been found on several versions of Apple’s iOS software including 4.3.3 and possibly the upcoming iOS 5 update. Affected devices include the iPhone 3GS, iPhone 4, iPad, iPad 2 and iPod touch.

Iphone, ipad, ipod touch security flaw

The problem could occur when users open a web page containing an infected PDF file which could be downloaded without the users' knowledge. This could give criminals access to your account information, passwords, emails, photos, or even let them listen in to phone conversations – a revelation which couldn’t come at a worse time with the current phone hacking scandal in the UK at the moment. Apple in Germany has told the Associated Press that it is aware of the warning but would not comment on it. The discovery was made by a group of hackers working on a jailbreak for the iPhone and this group has kindly put a fix for the vulnerability on its jailbreakme.com website.

While no attacks taking advantage of it have been reported so far, "it must be expected that attackers will soon exploit the weak points", the German agency said.

Jailbreakme 3.0

In related news the iPad 2 can now be jailbroken thanks to the aforementioned group, with JailbreakMe 3.0 which utilizes the PDF vulnerability - which you can then patch with PDF Patcher 2 once you jailbreak your iPad 2. JailbreakMe 3.0 works for iPhones and iPod touches too using virtually any version of the iOS software.

Source: Guardian and JailBreakMe

Simon

July 7, 2011, 6:15 pm

The pdf file format really does seem to be a pile of rubbish if the number of exploits for it are anything to go by.

Martin Daler

July 7, 2011, 9:20 pm

"a revelation which couldn't come at a worse time with the current phone hacking scandal"

I do so hate it when weak minded Journos deliberately conflate two distinct issues. The rest of us know that the mis-named 'phone hacking' scandal has nothing whatsoever to do with listening into mobile phone conversations.

Arctic Fox

July 9, 2011, 5:15 am

@Martin Daler

On this occasion I disagree. Whilst the technical issues are entirely different of course, the conflation of the different ways that ones phone can end up insecure in the public mind is both likely and, IMO, understandable. After all the common factor is that someone can interfere with your communications - *that* is what concerns the general public, not what technical means was used to do it.

Martin Daler

July 9, 2011, 8:17 pm

@Arctic Fox
You have pointed up exactly why it is such slack journalism. In the public mind thoughts can slip too easily from mailbox hacking into telephone tapping, wilfully helped along by the media (calling it 'phone hacking') because that is a far bigger fear to play on. Good journalism would put truth in clear focus, not blur the distinctions.

The recent brouha has been nothing to do with telephone tapping, which as you acknowledge is technically a totally different (and far more challenging) thing than hacking a mailbox. The easy implication of this story is that mailbox hacking and telephone tapping is all part of the same story, when nothing could be further from the truth. But it is a bigger button to press in the public consciousness, so what the, let's press it anyway.

The only excuse I could see for relating the two different issues would be to explicitly suggest that in a journalistic culture which fosters mailbox hacking a phone which offers easy telephone tapping would be their next playground.

comments powered by Disqus