Apple's PDF reader poses major security risk on iPhone, iPad, iPod - government
• Security flaws in PDF reader
• No patch exists
• iPhone, iPad, iPod vulnerable
APPLE'S iPhone, iPad, and iPod Touch have serious security problems, a German government agency claims.
In an official warning overnight, the Federal Office for Information Security said Apple's iOS operating system has "two critical weak points for which no patch exists".
Opening a manipulated website or a PDF file could allow criminals to spy on passwords, planners, photos, text messages, emails and even listen in to phone conversations, the agency said.
"This allows potential attackers access to the complete system, including administrator rights," it added, urging users not to open PDF files on their mobile devices and only use trustworthy websites until Apple publishes a software update.
A spokesman for Apple in Germany, Georg Albrecht, told The Associated Press that the company is looking into the matter.
"We know these reports and are investigating them," he said, refusing to elaborate.
Although no attacks have been observed yet, they are likely to appear soon, the German agency said.
"It has to be expected that hackers will soon use the weak spots for attacks," it said, noting that the devices' popularity could lead to attacks within the corporate world - possibly facilitating industrial espionage.
The security loophole became obvious after reports about a successful hacking of Apple's iOS operating system emerged on Monday, a spokeswoman for the agency, Katrin Alberts, said.
"Since then, information used in this hack is publicly available and can be used to infect an iOS device simply by opening a specially crafted PDF file," she said.
The application targeted in such an attack, Ms Alberts noted, is not Adobe's Acrobat reader, which allows users to view PDF files, but Apple's internal application for opening those files on its iOS devices.
"We decided to communicate this proactively because a potential attacker may gain access to the entire device," Ms Alberts said.
The federal agency, based in Bonn, said it was in contact with Apple on the issue.
The warning relates to iPhones using iOS versions 3.1.2-4.0.1, iPads using iOS 3.2-3.2.1 and iPod Touch devices using iOS 3.1.2-4.0.
The agency said it was possible but not clear whether older iOS or iPhone OS versions could also be affected.
With their mobile devices, users should not only stay clear of PDF files they get by email, but also of those found via search engines, as they could be infected, Ms Alberts said.
In the worst case, attackers could get hold of passwords, banking and other personal data.
A user's contacts could also be used for sending spam emails, she said.
Link here:
http://www.news.com.au/technolog ... sd1vk-1225901440248