Safari Flaw Leaves iPhone, iPad Open to Digital Hijackers

Mobile OS can automatically load malicious code
By Rob Quinn,  Newser Staff
Posted Aug 5, 2010 5:31 AM CDT
Apple says the fix will be released in an upcoming software update.   (AP Photo/Tom Hevezi)

(Newser) – The iPad, iPod, and iPhone have a gaping security hole that hackers could easily exploit to hijack a device, security experts warn. Apple's mobile version of the Safari browser opens PDFs automatically, so all a hacker would need to do would be to embed malicious code in such a document. The same method is used by sites that "jailbreak" iPhones to run non-approved apps.

"It uses the same tricks as you do when jailbreaking," a computer security expert tells the BBC. "We always thought that Apple's Mobile Safari would be the main vulnerability. We have yet to see any of these exploits out in the wild, but it is only a matter of time." Apple says it is working on a fix for the security flaw—which affects devices running OS 3.12 or later—but for now, ironically, for users who wish to keep using Safari, the only fix is to jailbreak the phone for an app called PDF Loading Warner.

My Take on This Story
Show results without voting  |