One of the greatest things about being a Mac instead of a PC is not having to deal with all the headaches of viruses, adware, trojans and all of the other havoc that hackers have been placing on Windows users for more than a decade.
Of course, that’s not to say that Macs have never been vulnerable - it’s just that hackers tend to go where the masses are, where their chances are greater that someone in the pack will click on the bad link or open the bad attachment.
Now, as the popularity of the iPhone and the iPad - both of which run iOS - has gone mainstream, the hackers are tapping iOS. And surely, they’re counting on users - who have long known about vulnerabilities to computers - to be naive about the vulnerabilities that are possible in the mobile world.
Also see: Your iPhone, iPad and iPod touch devices are all wide open to hackers
Today, Gizmodo posted an unsourced report about a security breach in iOS products that are being pushed through PDF files and the Web pages that load through the Safari browser. Gizmodo calls the vulnerability “easily exploitable” and explains that unsuspecting users who could be giving “total control” of their iPhones, iPod Touches or iPads to hackers. The blog reports:
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device. The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
Again, the Gizmodo post is unsourced, though it does link to a couple of other blogs that offer more technical details about what’s at work here. [Macstories and Digdog] Still, it’s important for iPhone and iPad owners to recognize that the invisible Apple security blanker that once came with being an Apple customer is going away.
The company is quick to boast the number of iPhones and iPads out there - now in the millions. And market tracking firms are also quick to note how the iPad has given Apple a huge head start in the tablet market and how the iPhone - even though it doesn’t have the largest market share - is the smartphone that competitors are targeting. But competitors aren’t the only ones placing that target on Apple’s back. Hackers are apparently eyeing it, too.
The Gizmodo post includes some information about a product that warns users when dangerous PDFs are about to be installed - but that requires you to jailbreak your device, which will void your warranty. It also notes that Apple has not yet responded to its inquiries about this particular vulnerability.
Hopefully, that’s because the security team is working double time to address the breach - and looking for ways to deal with breaches that are sure to surface in the future.
Related coverage: Forrester: Apple’s iPhone, iPad secure enough for enterprises, but RIM rules security roost
