A version of Adobe's Flash software that can be downloaded to jailbroken Apple products has been detected.
The software, known as ‘Frash’, was created by a group called Comex. It can run on the Apple iPad and is now being ported to the new iPhone 4. Details of Frash were revealed earlier this week by Electricpig.co.uk, which said that Frash was hacked together using code from Android and gives the iPad's Safari browser everything needed to run Flash.
Jailbreaking refers to the act of cracking a vendor's smartphone operating system to allow it to work with almost any mobile network and download unapproved applications.
Barmak Meftah, chief products officer at Fortify, said that it is frowned upon by the mobile phone carriers as it drives a steamroller through their handset subsidy schemes.
He said: “Whilst Frash may look attractive to iPhone 4 and 3GS users wanting to surf to extra websites, the reality is that to install this software, users will have to jailbreak their handsets, so allowing the loading of apps from almost any source.
“Whilst Apple monitors the iTunes store closely for rogue apps, the same is not true for open source and third-party iPhone apps, which can be tampered with by hackers and then offered for free download.
“You wouldn't be so silly to download a ‘free version’ of MS Office from a Ukrainian website to your desktop PC, so why do the same for your smartphone? Think before you click and download.”
Speaking to SC Magazine, Graham Cluley, senior technology consultant at Sophos, was asked whether he was surprised that this ‘rogue’ software had appeared. He said he was not, but he warned people to think twice before jailbreaking their iPhones just to have a distant cousin of Flash.
He said: “There are plenty of people who dislike Apple's tight grip on which applications iPhone users are allowed to install, but no one can dispute that from the security point of view at least it has been a success.
“The only malware outbreaks we have seen on the iPhone have occurred on jailbroken devices, and despite their immense popularity iPhones that have not been tampered with remain relatively safe.
“So, jailbreaking your iPhone might open you up to other dangers - even if you do end up with Flash capability. But also remember that many hackers have exploited flaws in Flash in the past - and questions will need to be asked as to how well an unauthorised implementation of Flash will be supported and updated to counter any vulnerabilities which may emerge.”
In a separate issue, Barracuda Networks has warned web users to be wary of fake Adobe Flash updates. It claimed to have uncovered a number of compromised sites in the wild that present unwary visitors with an official-looking Adobe Flash update page.
It said that even though the page looks convincing, downloading this ‘update’ only provides the user with a nasty piece of malware that is classified by McAfee as Downloader-CEW.f.