“The popular Apple iPhone smartphone may be at risk from a security vulnerability that affects even those models that haven’t been hacked, or ‘jailbroken,’ according to new findings from a Swiss software engineer,” Andy Patrizio reports for eSecurityPlanet.
“Nicolas Seriot, an iPhone developer, presented his findings during a conference in Geneva on iPhone privacy. According to his research, malware could exploit a previously unknown hole to access a user’s e-mail accounts, Safari, and YouTube searches, keyboard cache content, and the Wi-Fi connection logs,” Patrizio reports.
“Most hacks that affect the iPhone are the ones that are unlocked with ‘jailbreak’ utilities… Evidently, however, even iPhones fresh off the shelf could be vulnerable, according to Seriot, who showed how a malicious application could gather personal data from an iPhone without using private APIs,” Patrizio reports.
“Based on his conclusions, a malicious app is free to move around all it wants once inside the system — reading a user’s address book, stealing their phone number, viewing their browser history, and culling other private data from the device,” Patrizio reports. “Apple did not respond to requests for comment.”
Patrizio reports, “Seriot also said that unlike the transmission methods popular among PC malware, iPhone trojans will make their way to the device by way of the Apple App Store. ‘Reviewers can be fooled,’ he noted in his presentation.”
Full article here.
MacDailyNews Take: Apple’s response, if they find the threat to users to be credible, won’t likely be a statement to media, but rather the release of iPhone OS 3.1.3 or higher along with a credit for Seriot in the CVE list.