Theoretical attacks exploit iOS browser flaw

Elinor Mills | August 6, 2010 4:40 AM PDT

Summary

Here's how an attacker could get an iPhone user to visit a malicious Web page in order to exploit a new hole in the device's browser, researchers say.

The new browser security flaw in iPhones, iPods, and iPads could be more dangerous than initially suspected.

The vulnerability comes from the way the jailbreak software, released on Sunday, uses the mobileSafari browser instead of requiring that the device be connected to a computer. Jailbreaking the phone allows it to run apps not approved by Apple. But this flaw could be used to launch an exploit if the user were to surf to a Web site hosting a malicious PDF, giving unrestricted access to the device.

For more on this story, read Theoretical attacks exploit iOS browser flaw on CNET News.

Talkback: most recent of 19

  • Impact limited to iOS?
    Since the Webkit based browser in iOS is shared by the Android platform, is it equally vulnerable?
    Luke Skywalker
    6th Aug 2010
  • Not webkit, but Preview
    @Luke Skywalker

    On of the bugs (there's actually two involved in the jailbreak exploit) is in Apples own PDF viewer (named Preview ). And there is indeed reason to believe that OS X may be vulnerable as well, as it is essentially the same code.

    Incidently, the bug is in Apple Preview - which is used for displaying PDF files. It has nothing to do with webkit. If you are using Firefox on OS X you are also vulnerable, since FF will also invoke Preview to display PDFs.

    Neither FireFox nor Safari uses a sandbox. Chrome and IE does. But I really don't know if Chrome executes Preview inside of its sandbox (on Windows, Chrome does not execute Flash in a sandbox - unlike IE).
    honeymonster
    6th Aug 2010
  • @honeymonster
    theoretical

    Main Entry: theoretical
    Pronunciation: \ˌthē-ə-ˈre-ti-kəl, ˌthir-ˈe-\
    Variant(s): also theoretic \-tik\
    Function: adjective
    Etymology: Late Latin theoreticus, from Greek theōrētikos, from theōrein to look at
    Date: 1601

    1 a : relating to or having the character of theory : abstract b : confined to theory or speculation often in contrast to practical applications : speculative
    2 : given to or skilled in theorizing (a brilliant theoretical physicist)
    3 : existing only in theory : hypothetical

    In other words, you're shooting the breeze. Or breaking wind. Either one.
    ahh so
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    @ahh so
    Ahhso, what a stupid response to someone trying to give valid information. What are you, some kind of apple fanboy being defensive? Burying your head in the sand, or citing dictionary definitions of words isn't going to help, it only makes you look like a fool.
    garyleroy@...
    8th Aug 2010
  • Apple products don't get viruses
    This is impossible. Stop saying bad things about Apple.
    trickytom2
    6th Aug 2010
  • who said anything about a virus?
    @trickytom2 - what does this story have to do with viruses?
    doctorSpoc
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    @doctorSpoc And what do trickytom2's posts in threads about Apple products have to do with facts? Just like your question, they don't.
    non-biased
    11th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    @trickytom2 It's not a virus, it is a security hole.
    prof.ebral
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    The story has nothing to do with viruses ... but the MS fanboys don't have restricted reading comprehension skills. Like the radical right they see everything through a distorting prism.
    john_gillespie@...
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    @john_gillespie@...

    You are aware that trickytom2 was being sarcastic, and is in fact attempting to support MS not Apple.

    His use of the term Virus was intended to be sarcastic, so to comment on the poster's lack of knowledge by the use of the term is redundant - or if you think it was made seriously then your criticism applies to MS fanboys.

    Or did you not mean don't? in which case you have criticised the MS fanboy in reverse.
    richardw66
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    Don't you mean did I mean do? Was just trying to adhere to the silliness of the article. Was thinking that the MS fanboys would respond that they do have restricted skills. Actually I don't know why I read these articles as most are worthless and wind up being a pissing contest. "Nobody's right if everybody's wrong." ... for what it's worth (Buffalo Springfield)
    john_gillespie@...
    8th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    Always a good idea to keep track of and shut down any vulnerabilities. At least the article had the good sense to use the term 'theoretical' in that there have been no actual malicious beasties discovered in the wild, ala Windows.
    Bring it on though, MS fans, tell us how Apple's products are riddled with viruses and malware. The reality is that it is far more secure than any MS product. An interesting point is raised however in that OS X, iOS, and Android are cousins in they are both *nix flavors and share a good history of security. Sharing some of the insecurities as well would be my guess.
    Oh and you can choose, at least in OSX, which PDF viewer is automatically opened when you download a pdf file which means if the security breach is in Preview you can select another viewer until Apple patches it up.
    dheady@...
    6th Aug 2010
  • RE: Theoretical attacks exploit iOS browser flaw
    @dheady@...

    I hate to tell you this but Apple has some security holes. It's just that Windows security holes get found and exploited and systems get infected in their millions, and botnets grow, and Chinese students steal government secrets.

    Apple security holes get found in competitions of the world's top hacking experts, and then they get plugged.

    Or in this case get found by co-operative teams of hackers who hack for the user's benefit, and who publish their efforts and the holes get plugged.

    So - OK this is not scientific proof of the invincibility of iOS/OS X exactly.

    And it certainly is not a claim of Apple OS security perfection.

    But you'd have to be pretty darn stupid to buy a Windows PC if you were not an expert at keeping out viruses - and not only by running a few anti-virus packages, but it also comes in real handy to be able to kill off a few infections on your own when the anti-virus software does not know of the new virus that just got released, at least not yet, maybe when it has already spread.

    On Apple products - not so much, 3 infections in 26 years across all Macs I know of, is a little better than 18 at once on just one PC that was theoretically protected. Not to mention the other PCs I know of that are beyond anything but a reformat.

    you can select another viewer until Apple patches it up.

    Yes you can - and for that matter this is then not an OS vulnerability - it technically is an App vulnerability, if that matters.

    On iOS though you can't easily change apps for reading PDF.

    And it is not long since Adobe Reader was patched for an almost identical vulnerability, so Adobe Reader users should have had to switch to Preview to avoid the problem.

    This of course does not make it OK - but it does put the whole thing in perspective.

    Hackers find holes and exploit them. Holes exist. Hopefully security experts and/or benign hackers (jailbreak teams in this case) find the holes first and bring them to the attention of the developers so that they get patched.

    Yet again it is not the existence of security holes that defines the security completely - all systems have holes, no matter how much work goes into protecting them. It is much more complex than that.

    There is a way to break into anything - it just depends on the knowledge of the person trying to break in, and how much effort they are prepared to apply to the attempt.

    What matters is what weaknesses actually get exploited and how much damage is done in the process.

    It's a constant race to catch bugs before they get exploited. It is not about being 100% secure at day 1 - that is just not going to happen.

    And at the moment if this is a race Apple is winning against MS - and millions of people are paying for backing the loser.
    richardw66
    6th Aug 2010
