Apple is rushing to fix a security hole found in its iOS mobile software following a stern warning from a German IT security department.
The Associated Press is reporting that Germany’s Federal Office for Information Security found that flaw stems from clicking on an infected PDF file, which “is sufficient to infect the mobile device with malware without the user’s knowledge.” That opens the door for the user’s passwords, emails, text messages, emails and almost anything else stored on the iPhone, iPad or iPod touch in question.
Apple’s response:
Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is “aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.”
Apparently this is damaging on “several versions” of iOS, but not all. The Guardian has cited specifics:
The problem may occur on iPhone 3GS, iPhone 4, iPad, iPad 2 and the iPod Touch with software versions including iOS 4.3.3, and it “cannot be excluded” that other iOS versions – including the iOS 5 due in September – have the same weakness, said the Bonn-based federal bureau.
The security gap was originally uncovered by a group of hackers trying to jailbreak an iPhone. Some third-parties who produce jailbreaking software have already posted patches. However, it appears that this problem, related to PDF files, is different from the recent zero-day font vulnerability found in JailbreakMe.com. That doesn’t necessarily mean they are unrelated, but just different.
As ZDNet’s Adrian Kingsley-Hughes reports, there is a debate over whether or not jailbroken iPhones and other iOS devices are actually safer or not. But a patch from Apple for this specific problem is still needed immediately.
All of this follows the recent discovery that Apple could also be a target of the AntiSec campaign, adding fuel to the theory that the Cupertino, Calif.-based company could be the “Holy Grail” for hackers.