IOS Security Flaw Discovered

Apple today acknowledged a security flaw in iOS, as the company deals with more threats to users' personal information.

The security flaw allows attackers to infect users' iOS devices with malicious software that would give them administrator privileges just by displaying infected PDF files. The Cupertino, Calif.-based company says it will address the security concern in a forthcoming update.

"Apple takes security very seriously; we're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," said Alan Hely, senior director for corporate communications in Apple's London office, in a statement.

JailbreakMe.com, a website that teaches users how to hack their Apple products to give them a more customizable interface, discovered the flaw, claiming it did not create the malicious files.

"I did not create the vulnerabilities, only discover them," the website said. "Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable."

In a twist of irony, jailbreakers are the only group that may be able to fix the flaw at the moment. Cydia, an alternative app marketplace used by jailbreakers, published a fix for the security flaw called "PDF Patcher 2." The patch only works for iOS users with jailbroken devices, which Apple discourages.

"Until Apple releases an update, jailbreaking will ironically be the best way to remain secure," JailbreakMe's website said.

The German Federal Office for Information, known as BSI, issued an alert to iOS users in the country after learning of the security threat. The BSI described the flaw as a "critical weakness" that affects the iPhone 3G and devices running iOS versions up to 4.3.3.

The BSI hasn't reported any attacks but the agency did outline potential risk areas. The BSI said cyber-attackers could target confidential information like passwords, online banking data, e-mail and contact information, as well as gain access to a person's camera or intercept phone calls. The agency also said hackers can learn of a person's location with the malware because of the phones' built-in GPS.

Apple has lately come under fire in regards to keeping its users' information safe. Several iOS users have sued Cupertino, Calif.-based company for allegedly storing user encrypted data on its devices. The resulting uproar drew rebukes from Senate and consumer outcry.

The company's security was also breached recently by hackers. AntiSec, a group formed by hacktivists Anonymous and the now-defunct LulzSec, said that it broke into an Apple server, collecting 26 administrative user names and passwords.

The anonymous hackers claim they accessed the Cupertino, Calif.-based company's systems through a security flaw in third-party software, once again putting security issues in Apple's platform under the lens.

IOS Security Flaw Discovered originally appeared at Mobiledia on Thu Jul 07, 2011 3:24 pm.

Source: http://www.mobiledia.com/news/97150.html

iphone 4 iphone 4 16gb iphone 4 bumper iphone 4 case iphone 4 cases iphone 4 hülle