Right now , if you visit a web page and load a simple PDF file , you may give total control of your iPhone , iPod touch , or iPad to a cyber-terrorist . The security bug regard all devices running iOS 3.1.2 and higher .
Update : Initially we thought that this exploit only effectuate iOS4 devices , but it turns out all iPhones , iPod Touches and iPads running 3.1.2 and higher are susceptible .
The vulnerability is well exploitable . In fact , the latest one - click , no - electronic computer - requiredJailbreak solution for Io 4 devicesuses this same method acting to burst Apple ’s own security ( although in a altogether benignant way for the user ) .
https://gizmodo.com/iphone-4-jailbreak-now-available-one-click-no-compute-5601874
How it works
It just requires the user to travel to a web address using Safari . The web situation can automatically load a simple PDF document , which contains a font that hide a especial program . When your iOS gimmick tries to exhibit the PDF file , that typeface stimulate something called plenty overflow , a technical status that let the secret ninja codification inside the font to make pure command of your machine .
The result is that , without any substance abuser intervention whatsoever , that program can do whatever it wants inside your iPhone , iPod touch or iPad . Anything you’re able to imagine : Delete files , transport files , install programs go on the background that can monitor your action … anything can be done .
This is not the first metre that something similar has go on . At the beginning of the iPhone ’s life there was a job with TIFF files that also caused the same security breach . Apple patched the bug after a while , but back then there were very few iPhones compared to the current install base . Apple says that there are 100 million iPhones , iPod touches , and iPads in the globe . Obviously , malicious hackers are racing to get a slice of that market .
How can you avoid it?
Right now , the easiest direction to avoid this job is by not pass to any PDF link directly and not loading any PDF from any non - sure source .
you may also jailbreak your iPhone and install a programme that will expect for authorization every clock time your browser app encounters a PDF ( just appear for “ PDF burden warner ” in Cydia ) .
While this does n’t solve the security problem at all , at least it will prompt you every single time .
Apple has n’t remark on the situation yet . [ MacstoriesandDigdog ]
AppleGawkeriPadiPhoneSecurity
Daily Newsletter
Get the adept technical school , science , and finish news in your inbox day by day .
News from the future tense , delivered to your present .
You May Also Like
