Germany’s Federal Office for Information Security issued a warning today that iPhones, iPads and the iPod Touch have “critical weaknesses,” the Associated Press reports. The malware is delivered by an infected PDF that can affect the user’s device without them knowing. The same result would occur when a user visits a website with an infected PDF.
This is one of the first malware weaknesses discovered for iOS. Android has an increasing problem with malware and rootkits but so far there has not been a significant weakness exploited on iOS (not counting the 120,000 iPads that were hacked last year which was really more the fault of AT&T than iOS). Is this just the first drip of a coming wave of mobile malware?
According to a Google translation of the German Federal Office for Information Security, the exploit will give the attacker administrative privileges over devices which would include any data, email or contacts stored on the device. So far there is no official patch available for the exploit from Apple. But if you have jailbroken your iOS device, there is a patch available through Cydia.
The exploit exists for all iOS devices running version 4.3.3. The agency stated that it
“currently can not exclude that other versions of the IOS operating system are affected by this vulnerability,” (translated from German with Google Translate).
Apple works with Good Technologies to help secure iOS and has been consulted by corporations that focus on mobile strategy such as Juniper. If there is already a patch for this exploit in the Cydia store than it is likely that the security companies like Good and Fingerprint Security (a popular security app for the iPhone) will have the loophole closed relatively quickly.