Apple investigating Mobile Safari PDF security issue

“Apple says that it is looking into a reported iPhone security breach after a slew of media reports suggested that the smartphone could be vulnerable to malicious code unwittingly downloaded via a PDF,” James Rogers reports for TheStreet.com.


“Users visiting a tampered-with Web site and loading a PDF could unknowingly open their devices up to hackers,” Rogers reports. “In a blog post, Graham Cluley, senior technology consultant at antivirus specialist Sophos, said that the vulnerability is in the mobile version of the Safari Web browser used by Apple’s operating system, specifically its handling of PDFs… iPhones, iPod touches and iPads running version 3.1.2 of Apple’s iOS operating system and higher could be at risk.”

“‘We’re aware of the reports, and we’re investigating,’ an Apple spokeswoman told TheStreet Thursday, but declined to provide any additional details,” Rogers reports. “‘iPhone users should be cautious when browsing unsolicited or suspicious websites, even if they haven’t jailbroken their device,’ Symantec said in a statement.”

Full article here.

Josh Ong reports for AppleInsider, “iPhone Dev Team hacker ‘comex’ was the first to exploit the security flaws, allowing users to jailbreak their iOS devices.”

“The vulnerabilities have attracted significant attention this week. Several security firms have issued notices labeling the vulnerabilities ‘critical,’” Ong reports. “A German government agency [also] warned users Wednesday.”

Full article here.

MacDailyNews Take: Avoid reading PDFs with Mobile Safari until Apple releases an update.

29 Comments

  1. Oh give me a break “lord jobs” the man spends his cancer ridden days trying to develop earth changing devices that work well for the masses, he is not some evil man in a dark castle. He seems to be a pretty decent human being that forgoes profit for excellence, ten years ago before he created the best phone ever no one was bashing him but now that the world has taken notice of his near perfect creations all of a sudden he’s a bad man, cite your reasoning behind that… Or keep your mouth shut and your ears open you may learn so

  2. Apple fanboys on this site == dumbass naive think they know security when they are smart by a 1/2.

    Look what just happened. Rooted iOS4, turned off signing, broke through the sandbox. Someone other than YOU owns ROOT!! Add a GOOD stealth rootkit that stays there even if re-flashed and you are hosed. Welcome to the internet 2010 you naive apple fanboys. Some of you are totally clueless on what just happened. You act as if this is some kind of anomaly.

    A pro just hit you in the face with this exploit. Many more pros will come up to bat in the coming years. Never like MS though.

  3. Notice: I AM NOT a troll.

    Unlike those of you who call me that, I am also not a moron who believes Steve Jobs is anything more than a very clever marketer, showman and master manipulator of the legions of lemmings he has spawned with what used to be truly “revolutionary” products.

    He also didn’t use to lie to us – sometimes his hyperbole was over the top but what’s new about that when someone is trying to sell something.

    No, I’m totally pissed that we stand and cheer and whoop and holler when he rolls onto the stage in that get up and proceeds to tell us this new phone is the best ever and a few days later admits it’s no better than any of the rest of the smartphones out there and not really as good as the previous iPhone models.

    I don’t like being lied to, taken for granted and treated as though I have no choice but to accept his incredibly arrogant behavior.

    I do have choices and increasingly I’m looking at products with other brands – there’s some really good ones out there now that I have cured myself of Jobs-mania blindness.

  4. @Continuing Fail: As an Apple investor I’d be thrilled if you’d buy some other brand of product and just keep your sniveling and jealousy to yourself. Now go away.

  5. @rhoytink

    On it, and on http://www.untangle.com/ too.

    While it helps, Open DNS can’t get them all. They get daily lists. Many sites have timers on them to evade easy detection. Some are polymorphic also. Plus, unless you have “enterprise Open DNS” $$$, you are far from getting the premium list.
