Apple has found themselves in a spot of bother today as news started to leak out about a major security concern in iOS. Germany’s IT security agency issued a warning about the exploit, and published a post explaining the ins and outs of the PDF exploit found by famed jailbreaker Comex. As it stands, all it takes is an infected PDF and your iOS device could be brought to its knees pretty quickly.
The Guardian is reporting that Apple is aware of the security vulenerability, and that it will be closed up in a patch in the future. Apple didn’t mention when that patch would be released, or if it would ship before iOS 5 is released later this fall.
Jailbreakers found the bug while looking for ways to exploit iOS to run jailbroken applications, but there have been no documented cases of the exploit being used in the wild, yet.
If you are running a jailbroken iOS device, you can patch the whole yourself by updating your Cydia sources and installing PDF Patcher 2. The patch was released by famed jailbreaker Comex, who was also the person responsible for finding the PDF exploit in the first place.
Details on the Exploit
The exploit, centered around a PDF bug, could let someone gain access to your passwords, planners, photos, text messages, emails, and even listen in on your phone conversations.It gives the exploiter complete adminstrator rights and access to your iOS filesystem, which is obviously problematic for iOS users.
Administrator access means they can do whatever they want to your phone, so clearly this is a huge problem. Apple needs to get it patched quickly now, especially since the news has now made its way to the Internet.
How it could affect you
Outside of the aformentioned possibilities, there are a bunch of secondary problems that can stem from the access we’ve mentioned. Passwords or banking information in an email could be read by prying eyes and accessed if you passed banking information and login credentials in an email, or even log in to your banking website from your iOS device.
Stopping the problem is simple, and avoiding catastrope isn’t rocket science either.
The Golden Rule
If you don’t know where something came from, how it got on your device, or how you ended up on a website, close it immediately. Don’t download what it’s asking you to, don’t give them your email, and don’t open that PDF that randomly shows up — avoid it and move on. These exploiters prey on your trust. Stop trusting the Internet, stop assuming everything’s all cozy and warm, and start thinking that these web publishers are trying to steal your data one way or another.
It sounds paranoid, but it’s the best approach.