20110716

iOS PDF Vulnerability Creates Security Risks, Allows Easy Jailbreaks

The German IT Agency has issued a security note about a PDF vulnerability affecting Apple’s iOS. This vulnerability is related to the way iOS handles fonts embedded in PDF files, and could allow remote code execution. In other words, loading a malicious PDF file, either received by e-mail, or loaded from a web page, could lead to attackers executing code on an iOS device.



This vulnerability has been used to provide a simple way to jailbreak iOS devices from a web page. (Jailbreaking is a way of hacking the operating system to allow users to access other features and install software not available through the iTunes Store.) Intego strongly recommends against jailbreaking iOS devices, as this opens them to a number of security risks.


Apple should release a security update to iOS in the near future to deal with this vulnerability. In the meantime, users are advised to avoid downloading or viewing PDF files from untrusted sources on their iOS devices.

No comments:

Post a Comment