Apple investigating Mobile Safari PDF security issue

“Apple says that it is looking into a reported iPhone security breach after a slew of media reports suggested that the smartphone could be vulnerable to malicious code unwittingly downloaded via a PDF,” James Rogers reports for TheStreet.com.

“Users visiting a tampered-with Web site and loading a PDF could unknowingly open their devices up to hackers,” Rogers reports. “In a blog post, Graham Cluley, senior technology consultant at antivirus specialist Sophos, said that the vulnerability is in the mobile version of the Safari Web browser used by Apple’s operating system, specifically its handling of PDFs… iPhones, iPod touches and iPads running version 3.1.2 of Apple’s iOS operating system and higher could be at risk.”

“‘We’re aware of the reports, and we’re investigating,’ an Apple spokeswoman told TheStreet Thursday, but declined to provide any additional details,” Rogers reports. “‘iPhone users should be cautious when browsing unsolicited or suspicious websites, even if they haven’t jailbroken their device,’ Symantec said in a statement.”

Full article here.

Josh Ong reports for AppleInsider, “iPhone Dev Team hacker ‘comex’ was the first to exploit the security flaws, allowing users to jailbreak their iOS devices.”

“The vulnerabilities have attracted significant attention this week. Several security firms have issued notices labeling the vulnerabilities ‘critical,’” Ong reports. “A German government agency [also] warned users Wednesday.”

Full article here.

MacDailyNews Take: Avoid reading PDFs with Mobile Safari until Apple releases an update.

29 Comments

  1. They declared a theoretical possibility of … Is there an example that exists? Have you made one of these PDFs and sent it to Apple so they can see if they can correct this theoretical possibility? Are Apple’s products the only devices that this can happen to?

    Is this the definition of FUD?

  2. Apple should take some of that $45 Billion and hire the two best hackers out there. Pay ’em a million a year, set ’em up in their own space and have them hack away at all Apple software.
    Apple could then discover internally most exploits before the outside world.

  3. We all knew that evil Norton would win some day and they are.

    But, it’s lord Jobs who let them in. Departure from the principles and philosophy that made us all loyal and, at times, blind followers of Jobs has resulted in him believing there was nothing bad he could do to us that would run us off.

    And, it looks like he’s right. What morons we are to continue to accept the free fall of customer care and product quality. From the release of a ‘revolutionary’ phone that doesn’t work very well to exposure to the world of thievery and invasion into our personal lives now happening with every kind of Apple OS, we are being screwed and seem to just lay here and take it.

    Not me. Lord Jobs does not control me or my buying choices and he never will.

  4. Found out more on this.

    “There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software’s release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.”

    Apple sees where the jailbreak is occurring and has a fix. “Resistance is futile!”

  5. This is more serious than just “Avoid reading PDFs with Mobile Safari until Apple releases an update.”

    This exploit can root Safari w/o the user even knowing there is a PDF being loaded.

    This is the exploit that jailbreakme.com uses.

    I’m sure Apple already has it fixed, but you’re sugar coating the issue a bit.
