Apple preps iOS fix as Germany warns of iPhone peril

Apple plans to issue fixes for two security flaws that when exploited together allow attackers to remotely install malicious apps on iPhones, iPads, and iPod touches. Although the critical vulnerabilities surfaced over the weekend, Apple officials didn't acknowledge them until Wednesday, the same day the German government …

COMMENTS

This topic is closed for new posts.
  1. Greg J Preece

    Wow

    That's....bad! Move a slider in a browser, and root the fecking device? Nice security!

  2. Jolyon Ralph
    Thumb Up

    Alternatively... you might want to jailbreak your phone/pad

    and then install the PDF Loading Warner from Cydia, which will warn you whenever mail or safari try to open a PDF so you can cancel it.

    Yet again, the jailbreakers are making iOS secure before Apple do :)

  3. David Webb

    Title goes here

    Was it really needed for you to bash Microsoft/Adobe in a post about Apple? The entire issue is about Apple, so why bring up MS/Adobe at all? Is the PDF reader on the iOS Adobe or Apple? Is the iOS a MS product? Nope? Then I see no reason to detract from the fact Apple are lackluster when it comes to security by trying to fawn MS/Adobe as evil companies who let your OS be taken over 24/7 at a whim.

    1. Anonymous Coward

      After years and years of MS and Adobe failures...

      You get upset because they make a reference to all the past failures of Adobe and MS when someone who hasn't had a track record for failures fails? In fact, it added some information to the article because it made it clear this was Apple's code and not Adobe's PDF code.

      1. pita_frampton
        Thumb Down

        APPLE PREPS iOS fix...

        Apple still FAILED in my eyes... I won't BUY an iPhone/iTouch. It was cool however, someone tossed their broken iPhone 3GS that only needed a new screen and LCD. It cost me $55US plus 4hrs of research on installing the parts.

        1. Apple failed by not allowing bluetooth transferring of files to a phone or PC.

        2. Apple failed by not using the universal MICROUSB cables. (You are stuck with purchasing overpriced proprietary APPLE cables and adaptors).

        3. Apple failed by their warranty program (mainly because they are replacing each new release phone with one with either faster processor or bigger hard drive space with minor cosmetic changes every 12 to 16 months).

        I won't be surprised if Apple now make a new iPhone version in 2012 with a new proprietary power/sync cable that cost 50 bucks and all cables from version 1 to 4 obsolete.

  4. J 3
    WTF?

    by default automatically open

    Oh, my... Haven't companies learned yet that automatically opening files always ends in tears?

    1. Anomalous Cowherd Silver badge

      Er

      What do you think happens when you visit a website? What do you think an HTML file is, if not a - y'know - file? The iOS browser brings PDF up to a first level file along with HTML, JPEG, PNG and so on - that's the only difference here.

      To be fair, I work with the guts of PDF on a daily basis and some of the legacy stuff there (parsing Type 1 fonts or some of the freaky CCITT variations etc) is just awful, so there's more room for error parsing PDF than JPEG.

      I'm also surprised on a device like this that Apple aren't flagging the data area as no-execute, which neuters this sort of buffer overrun. I guess not, so we won't see the last of these.

      1. Anonymous Coward

        I can tell my browser what to open automagically.

        I get the impression the iPhone doesn't have that option

        1. Geoff Campbell Silver badge
          Jobs Horns

          Options....

          ....are not really something Apple understand, as far as I can tell.

          GJC

  5. Anonymous Coward
    Coat

    Easy Apple Fix

    “we have already developed a fix and it will be available to customers in an upcoming software update.”

    Yeah, they are going to remove all PDF support from the thing now :P

    1. Adam Foxton
      Jobs Horns

      Hey, they did it with Adobe's other well-known product

      So relations will already be strained between the two. And there's enough of a history of PDFs and Acrobat creating gaping security holes that it wouldn't be hard to get Apple's PR guys to start saying why PDF support isn't necessary.

      Plus the iPhone isn't exactly a business device anyway, so I can't see the absence of PDF support being a problem for most users.

      And there are PDF-> other format converters all over the web, so Jobs would just tell you to use one of them (or rather Apple's pay-to-use certified version).

    2. BristolBachelor Gold badge
      Joke

      Easy iPhone 4 fix

      Just put your finger on the "I don't want PDFs rooting my phone" button that is placed on the side between the two antennas...

      In other news, a user has found that when they hold their phone with their finger over a certain part, pictures don't come out either!

  6. JaitcH
    Jobs Horns

    The chicken or the egg?

    Who found the exploit first - Jailbreakme.com or the German Federal Office for Information Security?

    Whilst the Jobs gang plays catch-up what are they doing about fixing all the other iOS problems such as Bluetooth, etc.? Mind you, Jailbreakme.com did manage to actually get Apple to admit they have 'issues' with the Lemon ware.

    1. A Non e-mouse Silver badge
      Jobs Horns

      Nike Plus

      Or the excellent job that Apple have done to Nike Plus in iOS 4. So good, in fact, that Nike suggest that if you've recently bought an iPhone/iPod & Nike Plus, you return it back to the Apple Store as the system doesn't work.

  7. blackworx
    Coat

    Hur hur

    You said "booby"

  8. Peter Galbavy
    Big Brother

    the sudden rush?

    Sadly, after the last few years, I have a cynical view that the rush to get the fix out is to prevent the phone being jail-broken rather than the prevention of harm to actual real, paying customers. Am I too cynical?

    1. mhenriday
      Pint

      Peter, you beat me to the punch !

      Is that legal ? I'll have to start looking for a fix....

      Henri

  9. Anonymous Coward
    FAIL

    So...

    It doesn't work as a phone and gets rooted if you try to use it for web surfing or email. What exactly is it for? Just a fashion accessory? Of course it will still continue to fly off the shelves, says a lot about the users.

    1. Anonymous Coward
      FAIL

      RE: So ...

      Except the only known exploit doesn't root your phone, it jailbreaks it.

      (as you would know if you'd read the article)

      1. tomboi1978

        FYI

        Rooting the phone is implied as you can't jailbreak it without root access.

  10. Stuart Elliott
    Jobs Horns

    Bit dramatic..

    .. but I guess the sentiment is there I suppose.

    Though it is funny thinking of all the iPads and iPhones in Apple stores with Cydia installed over the last couple of days. :)

  11. Si 1

    Probably old exploits

    IIRC Safari wasn't updated for iOS4, so this is likely an old exploit that they've been saving for the launch of new hardware to make jail breaking as painless as possible, especially now that it's legal in some places.

    It's the same with the custom firmwares for the PSP, hackers find various exploits but they don't release them in case Sony fixes them in the next firmware. Then the hackers use the flaw to attack the latest firmware when it arrives.

    I jailbroke (is it a verb now? ;) ) my old 3G the other day. I'm still not very impressed with Cydia or Rock, they seem to spend 99% of their time downloading lists of updates, which takes ages. Plus the stability and usability of the emulators on there is really rubbish, as are the high prices.

  12. Geoff Campbell Silver badge
    FAIL

    "It just works"....

    ....just took on a whole new meaning. And not in a good way.

    GJC

  13. Robert Hill

    Fix for iOS 3.x users???

    Uh oh, I've been strenuously avoiding an upgrade to iOS 4 on my 3G, due to all of the issues it seems to be causing people...

    Now it looks like I'll have to take the plunge to get this fix...or simply get an iPhone 4. Which I was holding off doing until the white ones came out.

    I have, on these forums, previously defended Apple's desire to only support one release of the iOS at a time. It makes sense, in the scheme of things. But I'm really hating it right now...would love a fork for iOS 3 support. Failing that Apple, can we get an iOS 4 that configures itself minimally for 3G/GS users, with no multitasking, no Spotlight, etc.?

    1. Flugal

      Quite

      In the same position - too many 3G users reporting issues with last OS upgrade that I decided to hold off.

      The "choice" between keeping a potentially serious security flaw, or upgrading to an OS that grinds my phone to a halt is somewhat short of ideal.

      1. Jolyon Ralph

        Choices for iPhone 2G/3G users

        You have three choices

        a. Upgrade to iOS4 (unless you're on an original iPhone or iPod Touch)

        b. Leave the phone insecure

        c. Jailbreak it then install the PDF Warner.

    2. Pabs
      Jobs Horns

      There is a fork

      The original iPhone doesn't support iOS4.

    3. David Barrett

      Don't Do It!

      I have a 3G, I upgraded to iOS 4... I had it for a week before spending several hours downgrading back to 3.1.3 due to speed issues.

      Simply put the 3G cannot cope with iOS4, camera took 30 seconds to load first time, 20 seconds after that, Settings took 10 seconds, Messages longer... and keyboard response was piss poor... Typed whole sentences then wait for all the key presses to register before continuing...

      I really cannot advise you strongly enough NOT to upgrade.

    4. Giles Jones Gold badge

      Simple fix.

      Simple, use Opera Mini.

  14. ES

    iOS 4.1 beta fixes the pdf bug

    The jail break does not work with iOS 4.1 beta, so I guess Apple have already fixed that bug and is why the jailbreak was released now rather than waiting for 4.1.

    -- Let's hope that the dev team have some more holes in their pockets!

  15. Anonymous Coward

    Pot and Kettle

    Jobby slates Adobe.

    Yet another flaw announced in iOS leaving users vulnerable.

    But it's not Adobe's fault.

    Jobby is hypocritical and arrogant and WRONG.

  16. eugene
    WTF?

    Apple and security?

    @AC 4.26am

    Apple hasn't had a track record for failures? Can you name one iPhone/iOS that hasn't been rootable and carrier-unlockable very very easily?

  17. Andrew Barr
    FAIL

    Apple OS = Microsoft OS

    iOS 3 = XP

    iOS 4 = Vista

    We are all just waiting for iOS 5 :)

    1. Giles Jones Gold badge

      Bad comparison

      iOS4 is perfectly good, it's nothing like VISTA.

      It's the iPhone 4 antenna that has the quirks.

      Comparing iPhone 4 to VISTA is stupid, VISTA didn't sell well yet the iPhone 4 has.

      1. Anonymous Coward
        Thumb Up

        Perfect Comparison

        Vista was touted to run on XP Hardware, but turned out to be a clinker-built slug-hog released according to the marketing dept's schedule, despite a host of known QC issues. Ditto iOS4 - and iPhone4 for that matter.

  18. Rob 101

    Automatically opens PDFs

    I don't care how many people have said it.

    Who the hell thought that was a good idea and why have they not been put down?

    My god, just the sheer annoyance of it would drive me mad.

    1. Anonymous Coward
      Stop

      RE: Automatically opens PDFs

      ...whereas most browsers automagically run Flash unless you tell them not to.

      Which is worse, knowingly running something that obviously has script inside it or opening something that doesn't?

      (Just for the record, I've turned Flash off. It's mostly unnecessary, as you can immediately tell once you've turned it off for a while. About 10% of the Flash is important to the working of the page and that's probably my biased view because I watch videos online ;)

  19. Galidron
    Troll

    What happened?

    According to many posts I've read on different forums the iPhone can't ever be hacked because of signed code limitations. This must not have happened, it's just a hoax.

  20. Anonymous Coward
    WTF?

    Eh?

    My iPhone mail app has never opened PDFs automatically - I have to select them. OK, it doesn't ask me to confirm that I want to open it, but an explicit action is required.

    Is my iPhone unusually paranoid or is the article over-egging the mail attack vector?
