devil

Apple to issue patch for browser flaw

Security update will fix Safari flaw discovered with the release of JailbreakMe app

Apple has confirmed that it will release a software update to address a recently discovered vulnerability in the way its mobile devices handle some web pages.

The patch will fix a flaw that could theoretically make it possible for a hacker to gain access to an iPhone, iPad or iPod touch simply by tricking its user in to opening a PDF document loaded with malicious code.

The problem came to light with the release of the iPhone Dev Team’s latest “jailbreak” app for the iPhone. Previous versions had to be side-loaded on to the device via a computer, but the new JailbreakMe tool can be installed and run on a device simply by visiting the JailbreakMe.com website.

It alerted security experts to the possibility that such a process could be used as a blueprint by hackers to find ways to exploit Apple users through their device’s web browser.

“We are aware of this reported issue,” said Apple in a statement. “We have already developed a fix and it will be available to customers in an forthcoming software update.”

Apple did not say when the update would be made available to users.

The German government believes the security flaw to be so serious that it officially warned citizens of the dangers posed by the Safari vulnerability.

“This allows potential attackers access to the complete system, including administrator rights," warned the Federal Office for Information Security.

“It has to be expected that hackers will soon use the weak spots for attacks. The information used in this hack is publicly available, and can be used to infect a device running iOS simply by opening a specially crafted PDF file.”

It is unclear whether the patch will prevent the JailbreakMe.com app working correctly. Last week, the US Government ruled that the jailbreaking of mobile phones was a legal right. Apple warned that jailbreaking would void the warranty on any device.


ADVERTISEMENT
Subscribe to this Blog via Email :

Would love to here from you...