Jul 12, 2011

Hackers Show Exploit in Apple iOS Security Flaw

Hackers have revealed a number of security bugs in software developed by Apple, Inc. that can easily be exploited by criminals who are intent on getting remote control over devices. Compromised products include the iPhone, iPad and iPod Touch.



The flaw in the iOS operating system came to light when the website www.jailbreakme.com released the code that allowed Apple consumers to modify the parameters of iOS. The “jail breaking” process is often used by Apple customers to allow them to download and run apps that have not received Apple approval. It has also been used to allow iPhones to run on carrier networks that do not have approval from Apple.
Security experts have warned that criminal hackers could easily download the code and take the time to reverse-engineer it to identify the hole in the security of Apple’s new OS. From there, it becomes easy for them to build a piece of malicious software within the span of a few days. While this would have happened regardless, releasing the jail breaking code has significantly reduced the amount of time required.
“If you are a malicious attacker, it is fairly doable,” said Patrik Runald, an Internet security researcher from the firm Websense.
Apple, for its part, has not yet updated iOS to protect customers from any potential software that exploits the flaw, nor has it released any update that fixes the problem.
“We are developing a fix that will be available to customers in an upcoming software update,” said Trudy Muller, a spokeswoman for Apple. Apple has always had a vocal stance against jail breaking, which will void the warranty.
Even just a single flaw in iOS could potentially affect millions of devices, causing damage to the millions of iDevices out there that have become the core of Apple’s business. An estimated 25 million iPads have been sold since the device first hit the market, while 18 million iPhones were sold within the first quarter of 2011.
The vulnerability in the code can be exploited through the creation of a malicious PDF document, which allows for the infection of Apple devices that attempt to open the file. Once infected, security experts believe it is possible for hackers to do anything they want. This includes stealing data like passwords, documents and e-mail messages.
According to Comex, a hacker in New York State who helped in developing the jail-breaking tool, it is still possible to patch the software before other hackers develop software capable of exploiting the bug. The last time he released a version of his software, Apple managed to patch it before any malicious code to exploit the vulnerabilities was developed. However, there was a chance that Apple might not be able to move quickly enough this time around.
Comex has said that the code is “not that hard to reverse engineer.”
