Critical vulnerability found in Apple’s iPhone, iPad operating system
This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.
Surfing to the wrong Web page or opening the wrong PDF file on your iPhone could allow hackers to take over the device, Germany’s information security agency said.
In a report released Thursday (available in German here), Germany’s Federal Office for Information Security warned about a critical vulnerability in the way iOS devices (the iPad, iPhone and iPod Touch) deal with PDF files. A hacker exploiting that weakness, the report said, would be able to gain access to a users’ ‘confidential information’ including passwords, email, and bank data.
Apple said it is working on the issue.
‘Apple takes security very seriously,’ said Trudy Muller, a company spokeswoman. ‘We’re aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.’
Muller did not offer a specific timeline for the fix.
The iPhone operating system has faced similar security holes in the past, including in 2009 when security researchers demonstrated a way for hackers to take over the phone by sending it a malicious text message. Earlier this year, one of the same researchers, Charlie Miller, found a way to break into the iPhone 4 when a user surfs to a booby-trapped website.
Apple has since fixed both vulnerabilities.
Though companies often stress that the mere presence of a vulnerability does not mean hackers are actively or widely using it, the German report noted that ‘although no attacks have been observed, it is expected attackers will exploit the weaknesses as quickly as possible.’
To avoid this and other types of malicious attacks, users should steer clear of strange websites, especially those mentioned in suspicious emails or social networking messages.
-- David Sarno