News24

iPhone, iPad security loophole found

2011-07-08 11:01

Cape Town - A German agency has found a critical vulnerability in the operating system that runs Apple's iPhone, iPad and iPod Touch devices.

"Apple takes security very seriously. We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," said Trudy Muller, an Apple spokesperson.

The Los Angeles Times reported that the German Federal Office for Information Security warned users that surfing to a web page or opening a PDF may allow hackers to exploit the vulnerability.

It said that hackers may be able to access personal information, including banking data.

Many hackers use phishing websites to lure computer users to reveal usernames and passwords to banking information.

Security loopholes

Security firm Kaspersky Lab recently said that in the corporate environment, policy mistakes lead to security loopholes.

"So over the last 12 months, by actively engaging with our corporate users we have noticed that the majority of virus-related incidents occur due to underestimated design issues or unnoticed weaknesses in corporate security policies," said Alexey Polyakov, head of the Global Emergency Response Team at Kaspersky Lab.

Although this vulnerability has been identified, the report noted that no attacks have been observed.

Android, the mobile operating system from Google is not immune to security loopholes and companies race to produce software while criminals look to exploit vulnerabilities.

A security flaw allow hackers to access digital tokens that users might use to log in to Facebook and Twitter on Android devices, but a Google released a patch for the software.

Users of smart devices should avoid suspicious websites and opening executable attachments, especially from unknown senders.


- Follow Duncan on Twitter
 

Comments
  • Independent Address - 2011-07-08 11:13

    "Smart devices" getting hacked... that's ironic

  • Parko - 2011-07-08 11:47

    Apple was never an "enterprise" company. The snowball effect of this will be felt soon

      x - 2011-07-08 11:58

      Ok this is a VERY good comment. You are totally correct. In general people not in IT will not get what you are saying, but you are spot-on.

  • wasp - 2011-07-08 12:08

    "A security flaw allow hackers to access digital tokens that users might use to log in to Facebook and Twitter on Android devices, but a Google patch for software.".... what? Is it me or is this paragraph incomplete?

      Niel - 2011-07-08 12:32

      Its South African English. :)

  • Grunk - 2011-07-08 12:28

    You do realise that every computer and mobile phone sold in the US (and probably everywhere else) has to have a entry point which is accessible by government (NSA) enforcemnt agencies. Therefore there will always, by US dictate, an accessible gateway somewhere for hackers to exploit.

  • Ross - 2011-07-08 13:09

    iPad 2 4.3.3 happily jailbroken here.

  • Seerower - 2011-07-08 14:03

    Was this article really written by someone in the know and was it really researched? It doesn't seem that way. The Germans didn't discover the vulnerability, a hacker named Comex did and used to develope a jailbreak for iOS devices. He discovered it last year and worked on the jailbreak until this week. Days after the iPad 2 was released he used it to jailbreak it but Apple released a "patch" soon thereafter. This did not stop Comex, it merely delayed the jailbreak as he had to work around Apple's patch. He released his jailbreak to the public 3 days ago and coincidentally a German agency finds the same exploit just days thereafter? Yeah, whatever... "Apple takes security very seriously." - If they did then they would have fixed this problem last year when it was discovered. "We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update," - Comex made it known that he would use the exploit long ago so Apple had fair warning that the vulnerability wasn't fixed. Don't be surprised if iOS 4.3.4 is released very soon to patch this vulnerability now that the jailbreak can show Apple where they went wrong. The second part of the article is even worse. Kaspersky's comments and report was released before the jailbreak was released and the vulnerability made public. The Google/Android security has absolutely no bearing on the rest of the article.

  • pages:
  • 1