According to a German IT security agency BSI, Apple iOS has been found to contain vulnerabilities that might lead to data loss or may give hackers unauthorised access to confidential data in these devices.
The Apple operating system IOS, which powers iPhone, iPad, iPod touch contains, in the view of PDF files using library-critical vulnerabilities. Even clicking a crafted PDF document or surfing to a web site comply with the PDF documents are sufficient to infect the mobile device without the user with malicious software. Although, the system hasn’t been attacked yet, BSI senses a strong attack in the making, if Apple officials don’t fix up the flaws.
The potential vulnerabilities allow attackers to access with administrative privileges on the entire system to attain. So far, no patch is available for these vulnerabilities.
Affected by the vulnerability, the operating systems:
- [advt]Apple iPhone 3G and iPhone iOS for 4 to and including version 4.3.3
- Apple iPad iPad and iOS for 2 up to version 4.3.3 and
- IOS for iPod touch up to version 4.3.3
Currently can not exclude that other versions of the IOS operating system are affected by this vulnerability.
Possible loss of confidential information
The vulnerabilities are publicly known exploit code is available for their use. Although no attacks have been observed, however, it is to expect that attackers are exploiting vulnerabilities in real time. Possible attack scenarios for cyber-criminals include the reading of confidential information (passwords, online banking data, calendars, e-mail content, text or contact information), access to built-in cameras, the interception of telephone conversations and the GPS localization of the user.
Due to the popularity of IOS devices are frequently used in this professional environment. To the knowledge of the BSI are used in particular iPhone and iPad in senior management. Therefore, it is possible that the weaknesses can be exploited for targeted attacks on leaders, for example, to get to confidential company information.
Recommendations for the protection of personal data
Until the publication of a software update of the manufacturer recommends the BSI
- PDF documents from unknown or untrusted sources not open to IOS devices. This applies to PDFs that are provided in the context of websites, as well as PDFs to e-mails or other applications.
- The use of the browser on the mobile device should be restricted to trusted websites.
- Hyperlinks in e-mails or web pages should be opened only if they come from trusted sources.
- With the use of search engines should be taken when the results in the hit list to not to click on a PDF document.
Similar weaknesses are already known in August 2010 and closed within a short time been. It is expected this time also believe that Apple will be publishing a security update which fixes the vulnerabilities.