Apple iOS 4 Devices Hacked Through PDF Security Breach
Christian Harris, 04/08/2010, posted in "Analysis"
Christian Harris is editor of BCW. Christian is an IT journalist with over 17 years industry experience. In that time he has launched, edited and written for numerous magazines ...more info
Christian Harris is editor of BCW. Christian is an IT journalist with over 17 years industry experience. In that time he has launched, edited and written for numerous magazines and Web sites including PC Magazine, ZDNet, TechWorld, VNUnet, PC Advisor, PCW, GameSpot, Stuff, Press Gazette, Web User, The Daily Mail and The Guardian. As a copywriter/blogger, Christian also works on freelance marketing projects that include producing Web sites and writing white papers, case studies and press releases. Christian has a BA (Hons) in Publishing from the London College of Communication. ...less info
Apple devices, such as the iPhone and iPad, can be hacked through a flaw in the way iOS 4 deals with PDF files. The bug can be exploited when a user visits a web address using Safari. The web browser can automatically load a PDF file containing a malicious code, hidden within a font, causing a stack overflow when displayed. Apple is yet to release a patch for the issue, but has kindly advised users not to download a PDF file from an untrusted source, and to try and avoid visiting any PDF links directly.
Paul Vlissidis, technical director at independent IT assurance specialist NCC Group, commented on the newly discovered vulnerability in the iPhone and iPad: “This type of vulnerability is consistent with what has been seen with new technologies. There is always a delay from when they are introduced until new vulnerabilities emerge. This particular weakness is related to how PDF files are handled, that can then lead to malicious files infecting the device.
“Given the speed with which these types of issue are picked up by miscreants, it is important for vendors to issue patches or workarounds quickly and make it easy for users to apply these patches. Users also need to take responsibility for their own security settings and respond to security alerts by the vendors. As smartphones become increasingly popular in the market place, more vulnerabilities such as this will come to light, as hacking capabilities become progressively more sophisticated.”
Another day, another vulnerability…
Subscribe via RSS or via email
