[real-eyes] iPhone at risk from security flaw

  • From: Steven Clark <kcpadfoot@xxxxxxxxx>
  • To: real-eyes@xxxxxxxxxxxxx
  • Date: Wed, 04 Aug 2010 08:04:35 -0500

iPhone at risk from security flaw
04 August 10 07:12 ET
By Daniel Emery
Technology reporter, BBC News
Security firms are warning of a vulnerability in Apple's iOS for iPhone, iPad and iPod.
Symantec said that it could be exploited by remote attackers to take complete control of a vulnerable device.
Experts said that the threat, at present, only exists on paper but that Apple need to issue a fix before it becomes a reality.
Apple said that the company was aware of the report and was investigating.
The problem lies in the way Apple's Mobile Safari handles Adobe Acrobat PDF documents.
As the browser automatically opens PDF files, a hacker could embed malicious code into this file.
Graham Cluley, a computer security expert with Sophos, told BBC News that the exploit used the same principle as Jailbreakme - a utility that lets iPhone 4 owners run non-Apple approved applications - although it uses the exploit in a benign way.
"It uses the same tricks as you do when jailbreaking," said Mr Cluley.
"We always thought that Apple's Mobile Safari would be the main vulnerability.
"At present, we have yet to see any of these exploits out in the wild, but it is only a matter of time," he warned.
Jailfixed
In an ironic twist, the only way of preventing Mobile Safari from automatically opening PDF files is by jailbreaking a phone and installing an application, called PDF Loading Warner, that then asks for permission every time the browser tries to open a PDF file.
"I personally wouldn't want to jailbreak my phone to get the fix," said Mr Cluley.
He suggested that concerned users may want to switch to an alternative web browser, such as Opera, although he stressed that they had not yet checked these systems for exploits.
"Right now, it's all eyes on Apple who we hope are going to fix this problem as soon as possible.
"Historically, Apple have been slow to fix problems on their Mobile browser.
"This has been a concern of ours in the past and continues to be," he added.
In an ironic posting on Twitter, one of the developers behind Jailbreakme - who uses the handle "comex" - speculated: "how long until a fix is released?"
Apple have yet to release a patch that would either prevent Jailbreak from working or close the highlighted security flaw.