SecurityOracle.com - Latest Security News, iPhone At Risk From Security Flaw
Security Equipment
  security vacancies and security news
 
The Security Industry's Portal
Friday, February 10, 2012
Featured Company
Camberford Law Plc
Insurance Brokers to the Security Industry

News Story

iPhone At Risk From Security Flaw

iPhone At Risk From Security Flaw

Date: Wednesday, August 04, 2010
Source: BBC News

 
The PDF exploit currently only exists in theory, although experts say that could change Security firms are warning of a vulnerability in Apple's iOS for iPhone, iPad and iPod.

Symantec said that it could be exploited by remote attackers to take complete control of a vulnerable device.

Experts said that the threat, at present, only exists on paper but that Apple need to issue a fix before it becomes a reality.

Apple said that the company was aware of the report and was investigating.

The problem lies in the way Apple's Mobile Safari handles Adobe Acrobat PDF documents.

As the browser automatically opens PDF files, a hacker could embed malicious code into this file.

Graham Cluley, a computer security expert with Sophos, told BBC News that the exploit used the same principle as Jailbreakme - a utility that lets iPhone 4 owners run non-Apple approved applications - although it uses the exploit in a benign way.

"It uses the same tricks as you do when jailbreaking," said Mr Cluley.

"We always thought that Apple's Mobile Safari would be the main vulnerability.

"At present, we have yet to see any of these exploits out in the wild, but it is only a matter of time," he warned.

In an ironic twist, the only way of preventing Mobile Safari from automatically opening PDF files is by jailbreaking a phone and installing an application, called PDF Loading Warner, that then asks for permission every time the browser tries to open a PDF file.

US authorities declared it was legal for users to jailbreak their phones. "I personally wouldn't want to jailbreak my phone to get the fix," said Mr Cluley.

He suggested that concerned users may want to switch to an alternative web browser, such as Opera, although he stressed that they had not yet checked these systems for exploits.

"Right now, its all eyes on Apple who we hope are going to fix this problem as soon as possible.

"Historically, Apple have been slow to fix problems on their Mobile browser.

"This has been a concern of ours in the past and continues to be," he added.

In an ironic posting on Twitter, one of the developers behind Jailbreakme - who uses the handle "comex" - speculated: "how long until a fix is released?"

Apple have yet to release a patch that would either prevent Jailbreak from working or close the highlighted security flaw.



BBC News

<< Back Print Article Send to a Friend >>
Security Links Contact Us Security News Archive About Us Advertise Disclaimer Site Map Online Dating Uniform Dating
Copyright 2011 - NSI (HQ) Ltd

iPhone At Risk From Security Flaw

iPhone At Risk From Security Flaw

Date: Wednesday, August 04, 2010
Source: BBC News

 
The PDF exploit currently only exists in theory, although experts say that could change Security firms are warning of a vulnerability in Apple's iOS for iPhone, iPad and iPod.

Symantec said that it could be exploited by remote attackers to take complete control of a vulnerable device.

Experts said that the threat, at present, only exists on paper but that Apple need to issue a fix before it becomes a reality.

Apple said that the company was aware of the report and was investigating.

The problem lies in the way Apple's Mobile Safari handles Adobe Acrobat PDF documents.

As the browser automatically opens PDF files, a hacker could embed malicious code into this file.

Graham Cluley, a computer security expert with Sophos, told BBC News that the exploit used the same principle as Jailbreakme - a utility that lets iPhone 4 owners run non-Apple approved applications - although it uses the exploit in a benign way.

"It uses the same tricks as you do when jailbreaking," said Mr Cluley.

"We always thought that Apple's Mobile Safari would be the main vulnerability.

"At present, we have yet to see any of these exploits out in the wild, but it is only a matter of time," he warned.

In an ironic twist, the only way of preventing Mobile Safari from automatically opening PDF files is by jailbreaking a phone and installing an application, called PDF Loading Warner, that then asks for permission every time the browser tries to open a PDF file.

US authorities declared it was legal for users to jailbreak their phones. "I personally wouldn't want to jailbreak my phone to get the fix," said Mr Cluley.

He suggested that concerned users may want to switch to an alternative web browser, such as Opera, although he stressed that they had not yet checked these systems for exploits.

"Right now, its all eyes on Apple who we hope are going to fix this problem as soon as possible.

"Historically, Apple have been slow to fix problems on their Mobile browser.

"This has been a concern of ours in the past and continues to be," he added.

In an ironic posting on Twitter, one of the developers behind Jailbreakme - who uses the handle "comex" - speculated: "how long until a fix is released?"

Apple have yet to release a patch that would either prevent Jailbreak from working or close the highlighted security flaw.



BBC News

Courtesy of SecurityOracle.com - The Secury Industry's Portal