July 7, 2011

Security Experts Warn Against Flaw In Apple iOS

Security experts are saying that hackers have disclosed a bug in Apple Inc.'s mobile operating system that could be exploited by criminals looking to gain remote access over iPhones, iPads and iPod Touch devices.

The security flaw in Apple's iOS was noticed Wednesday as the website www.jailbreakme.com released code that Apple customers can use to modify the iOS operating system.

Some Apple customers choose to "jail break" their devices so they can download and run applications Apple did not approve for use in its App Store.

Security experts said that criminal hackers could download that code, reverse engineer it to identify a hole in iOS security and build a piece of malicious software in just a few days.

"If you are a malicious attacker, it is fairly doable," Patrik Runald, a senior researcher with the Internet security firm Websense, told Reuters.

An Apple spokesperson said the company was aware of the problem.

The spokesperson told The Telegraph, "Apple takes security very seriously, we're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."

Apple has been battling hackers who jail break its mobile devices since the first generation iPhone.

Apple has sold 25 million iPads since it launched in 2010, and the company has sold over 18 million iPhones in just the first three months of 2011.

Hackers could exploit this iOS vulnerability by creating a malicious PDF document file.

Once the device is infected, hackers could steal passwords, documents and emails.

The German Federal Office for Information Security said that no attacks had been detected but warned:  "Possible attack scenarios for cyber-criminals include the reading of confidential information (passwords, online banking data, calendars, e-mail content, text or contact information), access to built-in cameras, the interception of telephone conversations and the GPS localization of the user."

BSI warns on its website against opening PDFs from unknown sources until Apple patches the flaw.


On the Net: