BERLIN -- The software running Apple's iPhones, iPads and the iPod Touch has "critical weaknesses" that could be used by criminals to gain access to confidential data on the devices, Germany's IT security agency warned Wednesday.
Clicking on an infected PDF file "is sufficient to infect the mobile device with malware without the user's knowledge" on several versions of Apple's iOS operating system, the Federal Office for Information Security said.
The same could occur when opening a website that carries an infected PDF file, possibly opening the device to criminals spying on passwords, planners, photos, text messages, emails and even listen in on phone conversations.
"The weak points allow possible attackers to gain administrator rights and get access to the entire system," it said.
The problem may occur on all devices -- iPhone 3GS, iPhone 4, iPad, iPad 2 and the iPod Touch -- with software versions including iOS 4.3.3, and it "cannot be excluded" that other iOS versions have the same weakness, it said.
Apple has yet to offer a patch to fix the problem, the agency added.
Apple Germany spokesman Georg Albrecht told the Associated Press he was aware of the warning, adding that Apple would not comment on it.
The agency said it was in contact with the firm regarding the security hole.
No attacks taking advantage of it have been reported so far, "but it must be expected that attackers will soon exploit the weak points," it said.
The agency urges the devices' users to refrain from opening PDF files of unknown origin, be it as an email attachment or those opening through websites.
"Possible scenarios for attacks by cyber criminals include the extraction of confidential information (passwords, online banking data, calendars, e-mails, SMS or contacts), accessing the device's cameras, the user's GPS data as well as listening in on phone conversations," the statement said.
The Bonn-based institution reported a similar security hole last year, for which Apple soon afterward presented a software upgrade fixing it.
i'm in california and uncle's ipad2 got infected. he works with pdf files constantly because he's in the ebook publishing business. this happened 2 weeks ago and he's still dealing with id theft problems.
ReplyDelete-cheers
Tell him to return his iPad 2 and get a Xoom or Iconia. Way better devices.
ReplyDeleteTo keep things in perspective, be sure to Google: Android+malware. It ain't no bed of roses either.
ReplyDeleteAh yes, but Android + Security Software = No Malware. Works for me and everyone I know that has an Android device :)
ReplyDeleteThe "everyone I know" test is not scientific. I can honestly say that everyone I know with an iOS device is doing fine without any extra security software. That proves nothing. What matters is hard statistics. Got any?
ReplyDeleteThere's a new Android trojan masquerading as security software.
ReplyDeletehttp://www.informationweek.com/news/231001918
Oh, and by the way, Apple has updated iOS to take care of the PDF exploit.
I couldn't agree more: http://t.co/94fthId
ReplyDeleteDave, I'm not sure how the article (http://t.co/94fthId) cited in your previous comment relates to this thread about security. In fact, all of the same criticisms in the article apply more or less to Android tablets as well.
ReplyDeleteBasically the author argues that, for a college student, a laptop makes more sense than a tablet. I'd also agree, but that's no particular indictment of Apple.
I'm still rather amazed at the phenomenal success of the iPad (I don't own one). I view it a luxury item to be used in addition to one's smart phone and portable computer, not as a replacement for either.
Well, I think that most kids really are still in the learning process and most of them would want the trendy new gadget. The want the latest name brand sneakers, fashion, tech, etc. If their friends have the iPad status symbol, they will likely make a case for one. A college student could get a less expensive Android tablet that would make it a little more worth it to get one over the ipad. That's all. And, yes, a laptop would be way more productive than any tablet for a college student.
ReplyDeleteIt's not a "PDF exploit" or even a "PDF vulnerability". If you knew what you were talking about you'd know that is a security hole in an open source library that Apple uses called FreeType. In fact, you don't even need to use a PDF file to exploit this flaw.
ReplyDeleteWell, since it's not my article, take it up with mercurynews.com. Call it whatever you want but it's a problem that simply needs patching.
ReplyDeleteApple released iOS 4.0.2 a few weeks ago, which took care of this.
ReplyDelete"Security software provider McAfee said today that the amount of malware, or malicious software, targeting Androids phones jumped 76 percent since the last quarter, making it the most heavily attacked mobile operating system."
ReplyDeletehttp://news.cnet.com/8301-1035_3-20095965-94/mcafee-says-android-plagued-by-the-most-malware/
People who live in glass houses shouldn't throw stones.
I don't think anyone here ever claimed that Android didn't get attacked. As some experts have said, the attackers commonly go after the biggest and more popular OS so there you go.
ReplyDeleteNo, the haters imply that Apple products should be avoided because they are less secure, when in fact Apple users have fewer problems with malware. I don't care about PwnToOwn or labroratory proofs of concept. What counts are real incidents in the wild.
ReplyDeleteOf course, the haters' anti-Apple campaign has lost traction in the face of reality. People are jumping ship to Apple left and right these days. Once they see for themselves how nice it is to actually own and use Apple products, most are hooked.
Apple products are not perfect (or ideal for everyone), but I find ironic that haters even bring up the issue of security when Apple has the competition beat in this area. Cry me a river about Apple's low market share being the reason for lack of malware. That's fine with me. Seems like Apple has the best of both worlds: the bulk of mobile profits and the fewest security exploits.