iPhone iPad vulnerable to remote attack.
This is seriously scary stuff. A vulnerability has been discovered in iOS 4 that allows a remote party to compromise an iPhone or iPad when the user simply visits a website.
The vulnerability has been made available by well-intentioned ‘hackers’ to jailbreak iPhones and iPads so that applications other than those approved by Apple can be run on the devices. It’s possible to jailbreak your own device by visiting a website set up by the hackers (Google for it, if you want to.)
The problem is that the same vulnerability could be used for malicious purposes. The exploit method is to load a specially crafted PDF file into Safari, which installs code on the phone and ‘opens’ it up for further exploitation. The attack could be triggered by pressing a link on a web page, in an email, or even in an SMS.
There is no such thing as third-party anti-virus or anti-malware for the iPhone, and there is no way to switch off the vulnerable PDF reader, so right now the only defense for iPhone and iPad users is to practice safe browsing and not to load PDFs from untrusted sources.
To see the location of a link before clicking on it, press and hold the link; the URL will be displayed in the slide-up menu. However, even this cannot be relied upon, as long links get truncated and URLs often don’t disclose the type of media they link to.
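That last limitation can be seen from the defender's side. The following Python sketch is an added example, not part of the original post: it classifies a response the way a filtering proxy might, using the declared Content-Type and the first bytes of the body rather than the link text. The URLs, sample responses and function names are constructed for illustration, and the 1024-byte scan window is a conservative assumption.

```python
from urllib.parse import urlsplit

PDF_MAGIC = b"%PDF-"
# Assumption: scan a window, since some readers accept the header
# anywhere in the first 1024 bytes rather than only at offset 0.
SCAN_WINDOW = 1024


def url_looks_like_pdf(url):
    """All a user can infer from the visible link: the path extension."""
    return urlsplit(url).path.lower().endswith(".pdf")


def body_is_pdf(first_bytes):
    """Content sniffing: look for the PDF header near the start of the body."""
    return PDF_MAGIC in first_bytes[:SCAN_WINDOW]


def classify(url, content_type, first_bytes):
    """Return (is_pdf, reasons) for one HTTP response seen at a filter."""
    reasons = []
    declared = content_type.split(";")[0].strip().lower()
    if declared == "application/pdf":
        reasons.append("declared application/pdf")
    if body_is_pdf(first_bytes):
        reasons.append("PDF header in body")
    if reasons and not url_looks_like_pdf(url):
        reasons.append("URL gives no hint")
    return bool(reasons), reasons


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://example.com/report.pdf", "application/pdf", b"%PDF-1.4\n..."),
    ("http://example.com/view?id=7", "application/pdf", b"%PDF-1.3\n..."),
    ("http://example.com/index.html", "text/html", b"\n\n%PDF-1.4\n..."),
    ("http://example.com/about", "text/html; charset=utf-8", b"<!DOCTYPE html>"),
]

if __name__ == "__main__":
    for url, ctype, body in SAMPLES:
        is_pdf, why = classify(url, ctype, body)
        print(f"{'PDF  ' if is_pdf else 'other'} {url}  {', '.join(why)}")
```

Only the first sample would be recognisable as a PDF from its link; the second and third are PDFs that the URL alone does not reveal.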
iPhone vulnerabilities have been found in the past. iOS 1 (then called iPhone OS 1) had a very similar flaw that was also used to jailbreak the iPhone. And back at CanSecWest’s Pwn2Own competition an iPhone 3GS was hacked, but the exploit was far more involved.
I try to be careful not to overstate security issues, but this is a real threat and needs to be taken seriously. It’s not a matter of if, but when this vulnerability will become ‘weaponised’. iPhone users are at the mercy of Apple to release a fix, and this is something that Apple has been slow to do in the past.