Tuesday, July 12, 2011

iPhone, iPad users: Watch out for malicious PDF files

CNN.com - 7/11/2011
Amy Gahran

Although Android devices have so far posed the greatest risk of mobile malware, no mobile platform is immune to this problem -- not even Apple's iPhone, iPad and iPod Touch.
Recently, ReadWriteWeb reported that the German government issued a warning: Some versions of the Apple iOS mobile operating system are vulnerable to malicious code contained in PDF files.

This means that Apple mobile users who download PDF files currently risk letting cybercriminals access their confidential information, intercept phone conversations or take over other aspects of their device. There is no evidence yet that cybercriminals have done this, but it could happen easily.

Apple says it's working on a fix, but according to The Wall Street Journal, the company is not saying how long the vulnerability has existed, or when exactly this fix will arrive.

In the meantime, Apple mobile users should refrain from downloading and viewing PDF files on their devices.

This mobile security hole uses vulnerabilities in PDFs -- short for Portable Document Format, an open standard for digital documents -- that date back to 2007.

Gizmodo notes: "Does this scenario sound familiar? It should, as variants of this browser-based exploit have been around since 2007. In iPhone OS 1.1.1, it was a Tiff rendering vulnerability; and in iPhone OS 2.0, it was a PDF file that caused all the problems. This PDF hole reared its ugly head again in iOS 4. Each time, Apple patched the exploit and everyone calmed down."

MacNewsWorld reports that this iOS security hole was discovered by a team of hackers called Comex that also offers tools for "jailbreaking" iPhones. (This means undoing the locks that Apple has put in place to prevent its mobile users from downloading or installing software that doesn't come through iTunes or the App Store.)

Apparently, until Apple releases its fix, the only way to secure your iPhone, iPad or iPod Touch against this threat is to jailbreak it.

Gizmodo suggests first using Jailbreakme to jailbreak your device. This tool is delivered via a PDF file that actually uses the security exploit to install software that allows you to jailbreak your Apple device. Then, to close this exploit, download PDF Patch. After that, you can un-jailbreak your device if you like.

Of course, jailbreaking your Apple device can expose mobile users to a wide array of additional security risks.

One main reason for Apple's famed "walled garden" is to protect mobile users from malicious or otherwise problematic software that can put their data or devices at risk. And, for the most part, the virtual absence of iOS malware (until now) demonstrates the value of this approach -- especially for less tech-savvy mobile users who aren't quick to spot mobile security threats.

The opinions expressed in this post are solely those of Amy Gahran.

