back to article Apple preps iOS fix as Germany warns of iPhone peril

Apple plans to issue fixes for two security flaws that when exploited together allow attackers to remotely install malicious apps on iPhones, iPads, and iPod touches. Although the critical vulnerabilities surfaced over the weekend, Apple officials didn't acknowledge them until Wednesday, the same day the German government …

COMMENTS

This topic is closed for new posts.
Silver badge

Wow

That's....bad! Move a slider in a browser, and root the fecking device? Nice security!

6
4
Thumb Up

Alternatively... you might want to jailbreak your phone/pad

and then install the PDF Loading Warner from Cydia, which will warn you whenever mail or safari try to open a PDF so you can cancel it.

Yet again, the jailbreakers are making iOS secure before Apple do :)

16
1

Title goes here

Was it really needed for you to bash Microsoft/Adobe in a post about Apple? The entire issue is about Apple, so why bring up MS/Adobe at all? Is the PDF reader on the iOS Adobe or Apple? Is the iOS a MS product? Nope? Then I see no reason to detract from the fact Apple are lackluster when it comes to security by trying to fawn MS/Adobe as evil companies who let your OS be taken over 24/7 at a whim.

11
3
Anonymous Coward

After years and years of MS and Adobe failures...

You get upset because they make a reference to all the past failures of Adobe and MS when someone who hasn't had a track record for failures fails? In fact, it added some information to the article because it made it clear this was Apple's code and not Adobe's PDF code.

7
4
Thumb Down

APPLE PREPS iOS fix...

Apple still FAILED in my eyes... I won't BUY an iPhone/iTouch. It was cool however, someone tossed their broken iPhone 3Gs that only needed a new screen and LCD. It cost me $55US plus 4hrs of research on installing the parts.

1. Apple failed by not allowing Bluetooth transferring of files to a phone or PC.

2. Apple failed by not using the universal MICROUSB cables. (You are stuck with purchasing overpriced proprietary APPLE cables and adaptors).

3. Apple failed by their warranty program (mainly because they are replacing each new release phone with one with either faster processor or bigger hard drive space with minor cosmetic changes every 12 to 16 months).

I won't be surprised if Apple now make a new iPhone version in 2012 with a new proprietary power/sync cable that cost 50 bucks and all cables from version 1 to 4 obsolete.

0
0
J 3
WTF?

by default automatically open

Oh, my... Haven't companies learned yet that automatically opening files always ends in tears?

7
1

Er

What do you think happens when you visit a website? What do you think an HTML file is, if not a - y'know - file? The iOS browser brings PDF up to a first level file along with HTML, JPEG, PNG and so on - that's the only difference here.

To be fair, I work with the guts of PDF on a daily basis and some of the legacy stuff there (parsing Type 1 fonts or some of the freaky CCITT variations etc) is just awful, so there's more room for error parsing PDF than JPEG.

I'm also surprised on a device like this that Apple aren't flagging the data area as no-execute, which neuters this sort of buffer overrun. I guess not, so we won't see the last of these.

1
0

I can tell my browser what to open automagically.

I get the impression the iphone doesn't have that option

0
0
Silver badge
Jobs Horns

Options....

....are not really something Apple understand, as far as I can tell.

GJC

3
0
Coat

Easy Apple Fix

“we have already developed a fix and it will be available to customers in an upcoming software update.”

Yeah, they are going to remove all PDF support from the thing now :P

9
0
Jobs Horns

Hey, they did it with Adobe's other well-known product

So relations will already be strained between the two. And there's enough of a history of PDFs and Acrobat creating gaping security holes that it wouldn't be hard to get Apple's PR guys to start saying why PDF support isn't necessary.

Plus the iPhone isn't exactly a business device anyway, so I can't see the absence of PDF support being a problem for most users.

And there are PDF-> other format converters all over the web, so Jobs would just tell you to use one of them (or rather Apple's pay-to-use certified version).

1
0
Gold badge
Joke

Easy iPhone 4 fix

Just put your finger on the "I don't want PDFs rooting my phone" button that is placed on the side between the two antennas...

In other news, a user has found that when they hold their phone with their finger over a certain part, pictures don't come out either!

0
1
Silver badge
Jobs Horns

The chicken or the egg?

Who found the exploit first - Jailbreakme.com or the German Federal Office for Information Security?

Whilst the Jobs gang plays catch-up what are they doing about fixing all the other iOS problems such as Bluetooth, etc.? Mind you, Jailbreakme.com did manage to actually get Apple to admit they have 'issues' with the Lemon ware.

3
6
Bronze badge
Jobs Horns

Nike Plus

Or the excellent job that Apple have done to Nike Plus in iOS 4. So good, in fact, that Nike suggest that if you've recently bought an iPhone/iPod & Nike Plus, you return it back to the Apple Store as the system doesn't work.

2
0
Coat

Hur hur

You said "booby"

0
0
Jobs Horns

Bit dramatic..

.. but I guess the sentiment is there I suppose.

Though it is funny thinking of all the iPads and iPhones in Apple stores with Cydia installed over the last couple of days. :)

0
0
FAIL

So...

It doesn't work as a phone and gets rooted if you try to use it for web surfing or email. What exactly is it for? Just a fashion accessory? Of course it will still continue to fly off the shelves, says a lot about the users.

3
1
FAIL

RE: So ...

Except the only known exploit doesn't root your phone, it jailbreaks it.

(as you would know if you'd read the article)

0
0

FYI

Rooting the phone is implied as you can't jailbreak it without root access.

0
0
Big Brother

the sudden rush?

Sadly, after the last few years, I have a cynical view that the rush to get the fix out is to prevent the phone being jail-broken rather than the prevention of harm to actual real, paying customers. Am I too cynical?

4
0
Pint

Peter, you beat me to the punch!

Is that legal? I'll have to start looking for a fix....

Henri

0
0

Probably old exploits

IIRC Safari wasn't updated for iOS4, so this is likely an old exploit that they've been saving for the launch of new hardware to make jail breaking as painless as possible, especially now that it's legal in some places.

It's the same with the custom firmwares for the PSP, hackers find various exploits but they don't release them in case Sony fixes them in the next firmware. Then the hackers use the flaw to attack the latest firmware when it arrives.

I jailbroke (is it a verb now? ;) ) my old 3G the other day. I'm still not very impressed with Cydia or Rock, they seem to spend 99% of their time downloading lists of updates, which takes ages. Plus the stability and usability of the emulators on there is really rubbish, as are the high prices.

0
0
Silver badge
FAIL

"It just works"....

....just took on a whole new meaning. And not in a good way.

GJC

2
1
Bronze badge

Fix for iOS 3.x users???

Uh oh, I've been strenuously avoiding an upgrade to iOS 4 on my 3G, due to all of the issues it seems to be causing people...

Now it looks like I'll have to take the plunge to get this fix...or simply get an iPhone 4. Which I was holding off doing until the white ones came out.

I have, on these forums, previously defended Apple's desire to only support one release of the iOS at a time. It makes sense, in the scheme of things. But I'm really hating it right now...would love a fork for iOS 3 support. Failing that Apple, can we get an iOS 4 that configures itself minimally for 3G/GS users, with no multitasking, no Spotlight, etc.?

2
0
Jobs Horns

There is a fork

The original iPhone doesn't support iOS4.

0
0

Quite

In the same position - too many 3G users reporting issues with last OS upgrade that I decided to hold off.

The "choice" between keeping a potentially serious security flaw, or upgrading to an OS that grinds my phone to a halt is somewhat short of ideal.

1
0

Choices for iPhone 2G/3G users

You have three choices

a. Upgrade to iOS4 (unless you're on an original iPhone or iPod Touch)

b. Leave the phone insecure

c. Jailbreak it then install the PDF Warner.

1
0

Don't Do It!

I have a 3G, I upgraded to iOS 4... I had it for a week before spending several hours downgrading back to 3.1.3 due to speed issues.

Simply put the 3G cannot cope with iOS4, camera took 30 seconds to load first time, 20 seconds after that, Settings took 10 seconds, Messages longer... and keyboard response was piss poor... Typed whole sentences then wait for all the key presses to register before continuing...

I really cannot advise you strongly enough NOT to upgrade.

0
0
Gold badge

Simple fix.

Simple, use Opera Mini.

0
0
ES

iOS 4.1 beta fixes the pdf bug

The jail break does not work with iOS 4.1 beta, so I guess Apple have already fixed that bug and that is why the jailbreak was released now rather than waiting for 4.1.

-- Let's hope that the dev team have some more holes in their pockets!

0
0
Anonymous Coward

Pot and Kettle

Jobby slates Adobe.

Yet another flaw announced in iOS leaving users vulnerable.

But it's not Adobe's fault.

Jobby is hypocritical and arrogant and WRONG.

1
0
WTF?

Apple and security?

@AC 4.26am

Apple hasn't had a track record for failures? Can you name one iPhone/iOS that hasn't been rootable and carrier-unlockable very very easily?

0
0
FAIL

Apple OS = Microsoft OS

iOS 3 = XP

iOS 4 = Vista

We are all just waiting for iOS 5 :)

1
1
Gold badge

Bad comparison

iOS4 is perfectly good, it's nothing like VISTA.

It's the iPhone 4 antenna that has the quirks.

Comparing iPhone 4 to VISTA is stupid, VISTA didn't sell well yet the iPhone 4 has.

1
0
Thumb Up

Perfect Comparison

Vista was touted to run on XP Hardware, but turned out to be a clinker-built slug-hog released according to the marketing dept's schedule, despite a host of known QC issues. Ditto iOS4 - and iPhone4 for that matter.

0
0

Automatically opens PDFs

I don't care how many people have said it.

Who the hell thought that was a good idea and why have they not been put down?

My god, just the sheer annoyance of it would drive me mad.

0
0
Stop

RE: Automatically opens PDFs

...whereas most browsers automagically run Flash unless you tell them not to.

Which is worse, knowingly running something that obviously has script inside it or opening something that doesn't?

(Just for the record, I've turned Flash off. It's mostly unnecessary, as you can immediately tell once you've turned it off for a while. About 10% of the Flash is important to the working of the page and that's probably my biased view because I watch videos online ;)

0
0
Troll

What happened?

According to many posts I've read on different forums the iPhone can't ever be hacked because of signed code limitations. This must not have happened, it's just a hoax.

0
0
WTF?

Eh?

My iPhone mail app has never opened PDFs automatically - I have to select them. OK, it doesn't ask me to confirm that I want to open it, but an explicit action is required.

Is my iPhone unusually paranoid or is the article over-egging the mail attack vector?

0
0