iOS was largely spared the lashes Androidreceived last week at Black Hat and Defcon, and it got good marks for security in a Forrester report yesterday. But today, Gizmodo reports a new vulnerability in iOS: Apple’s custom PDF reader. Malicious code can be hidden in fonts that automatically load when a user opens a PDF file, allowing a hacker to take control of the device.
Someone in the comments of the Gizmodo post writes “All of a sudden, a wallpaper application in the Android Marketplace that collects your phone number doesn’t seem so bad, does it?”, echoing All Things Digital’s headline “How’s Apple’s Walled Garden Look Now?. It’s a sobering reminder that those app gardeners aren’t omniscient. (For example, there was a security flaw in Citi’s iPhone app recently).
Ironically, although the vulnerability stems from the same method that can be used to jailbreak an iOS device, jailbroken users can install an app called PDF Loading Warner to avoid accidentally opening a PDF. However, it likely means the fix for this security issue will likely prevent jailbreaking using this method.
All this is good news for RIM, who is desperately trying to stay relevant (though it should be noted BlackBerry’s aren’t invincible either).