Apple fixing security flaw in iPhones, iPads after German IT firm warning

Summary:Apple is rushing to fix a security hole found in its iOS mobile software following a stern warning from a German IT security department.

Apple is rushing to fix a security hole found in its iOS mobile software following a stern warning from a German IT security department.

The Associated Press is reporting that Germany's Federal Office for Information Security found that flaw stems from clicking on an infected PDF file, which "is sufficient to infect the mobile device with malware without the user's knowledge." That opens the door for the user's passwords, emails, text messages, emails and almost anything else stored on the iPhone, iPad or iPod touch in question.

Apple's response:

Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."

Apparently this is damaging on "several versions" of iOS, but not all. The Guardian has cited specifics:

The problem may occur on iPhone 3GS, iPhone 4, iPad, iPad 2 and the iPod Touch with software versions including iOS 4.3.3, and it "cannot be excluded" that other iOS versions – including the iOS 5 due in September – have the same weakness, said the Bonn-based federal bureau.

The security gap was originally uncovered by a group of hackers trying to jailbreak an iPhone. Some third-parties who produce jailbreaking software have already posted patches. However, it appears that this problem, related to PDF files, is different from the recent zero-day font vulnerability found in JailbreakMe.com. That doesn't necessarily mean they are unrelated, but just different.

As ZDNet's Adrian Kingsley-Hughes reports, there is a debate over whether or not jailbroken iPhones and other iOS devices are actually safer or not. But a patch from Apple for this specific problem is still needed immediately.

All of this follows the recent discovery that Apple could also be a target of the AntiSec campaign, adding fuel to the theory that the Cupertino, Calif.-based company could be the "Holy Grail" for hackers.

Related:

Topics: Apple, iPad, iPhone, Mobility, Security

About

Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.