German Security Unit Points Out Loopholes in Apple’s Security

Earlier this week, the website of iPad manufacturer Apple suffered a data breach. Although the brand passed off the data loss as minor, it raised a lot of questions about the security of users' data on the site. Now, according to an official release by an IT security agency based in Germany, Apple's iOS in its current form is heading for a bigger fall, one that is entirely preventable.

Needs fixing!


According to the official release, published in German by the German Federal Office for Information Security, or Bundesamt für Sicherheit in der Informationstechnik (BSI), Apple's iOS devices could easily succumb to malicious code if an infected PDF file is opened on the device. Although the system hasn't been attacked yet, BSI senses a strong attack in the making if Apple officials don't fix the flaws.



Here's an excerpt from the German press release (which can be accessed here) translated into English:


New vulnerabilities in Apple's operating system iOS

Execution of malicious programs on your iPhone, iPad, iPod touch
Bonn, 06.07.2011.

The Apple operating system iOS, which is used in devices for mobile communication and Internet use such as the iPhone, iPad and iPod touch, contains critical vulnerabilities in the library used for viewing PDF files. Even clicking a crafted PDF document or surfing to a website that contains PDF documents is sufficient to infect the mobile device with malicious software without the user's knowledge.

The vulnerabilities potentially allow attackers to attain access to the entire system with administrative privileges. So far, no patch is available for these vulnerabilities.

The operating systems affected by the vulnerability:

- Apple iOS for iPhone 3G and iPhone 4 up to and including version 4.3.3
- iOS for Apple iPad and iPad 2 up to version 4.3.3 and
- iOS for Apple iPod touch up to version 4.3.3

- PDF documents from unknown or untrusted sources should be opened on non-iOS devices. This applies to PDFs that are provided in the context of websites, as well as PDFs in e-mails or other applications.
- The use of the browser on the mobile device should be restricted to trusted websites.
- Links in e-mails or web pages should be opened only if they come from trusted sources.
- When using a search engine, care should be taken not to click on a PDF document in the list of results.

For now, BSI advises that until Apple itself rectifies the flaws, no known PDF files should be opened. Apple, in its response, has stated that it treats security with the utmost importance. It added that it is taking measures to fix all the flaws that BSI pointed out. Considering that a threat has been detected and a new iOS is on its way, the chances of Apple including a security fix in it seem high, and apt.

Published Date: Jul 08, 2011 11:54 am | Updated Date: Jul 08, 2011 11:54 am