Flaws in Apple iOS can be exploited by a malicious PDF

News by Dan Raywood

The Apple iOS contains multiple vulnerabilities when a PDF is viewed.

The Apple iOS contains multiple vulnerabilities when a PDF is viewed.

According to the German federal office for information security, the Apple iOS can be penetrated when a user clicks on a crafted PDF or directed to a malicious website that complies with the document. This, it said, is sufficient to infect the mobile device with malware and the potential vulnerabilities could allow attackers to access the entire system with administrative privileges.

A report said that iOS up to and including 4.3.3 is affected but it could not be sure that other versions of the operating system are unaffected. While no attacks have been observed, it said that it expects that attackers are exploiting vulnerabilities in the wild.

The federal office recommended users do not open PDF documents from unknown or untrusted sources on Apple devices, including PDFs that are provided in the context of websites. It said that it is in contact with Apple and it expects Apple to release a security update that fixes the vulnerabilities soon.

An Apple spokesperson told The Associated Press he was aware of the warning, adding that Apple would not comment on it.

Mikko Hypponen, chief research officer at F-Secure, said that the threat is as serious as the last time that jailbreakme.com was using a zero-day but then nothing bad happened as Apple patched fast.

He said: “If things turn bad and we see an iPhone outbreak via the new PDF vulnerability, there's not much you can do as there are no anti-viruses available on iPhone.”

However he also said that until Apple releases a fix, only jailbreakers will be safe from this specific attack. “I don't really recommend that anyone jailbreak their phone, because it breaks other parts of the security model of the phone and may introduce new vulnerabilities. But the bottom line is that right iPad or iPhones have an unpatched zero-day vulnerability, and the only way to patch it is to jailbreak the phone,” he told Forbes.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews