CybersecurityCritical vulnerability found in Apple iPhones and iPads

Published 12 July 2011

Apple is scrambling to develop a fix for a software vulnerability that leaves its iPhone, iPad, and iPod Touch devices susceptible to hackers; according to Germany’s Federal Office for Information Security, which discovered the critical software vulnerability, hackers can steal confidential data from the devices without the user even suspecting it by exploiting a flaw in the program that allows users to “jail-break” their devices and run non-Apple software

Apple is scrambling to develop a fix for a software vulnerability that leaves its iPhone, iPad, and iPod Touch devices susceptible to hackers.

According to Germany’s Federal Office for Information Security, which discovered the critical software vulnerability, hackers can steal confidential data from the devices without the user even suspecting it. By exploiting a flaw in the program that allows users to “jail-break” their devices and run non-Apple software, hackers have already begun stealing sensitive data much to the alarm of security analysts.

Installing the software to jail-break Apple devices carries security risks, but many users choose to do it anyways so that they have the freedom to install applications or software that have not been pre-approved by Apple.

Charlie Miller, a prominent hacker of Apple products, said that it probably took many months to develop a program that allows users to circumvent Apple’s restrictions, but hackers would only need a few days to tamper with the product for malicious purposes.

A site has already developed a software fix for the program, but downloading it would require users to defy Apple and jailbreak their device.

So far Apple has yet to develop a solution. Bethan Lloyd, a spokeswoman for Apple, said the company is “aware of this reported issue and developing a fix.” There has been no word on when the patch will become available.

Cyberattacks against mobile phones still lag behind personal computers, but analysts believe that the number of attacks will soon increase as smartphones contain a large amount of personal data like online banking transactions, e-mail contacts, and calendars. In addition, the lack of consumer awareness and the security vulnerabilities on portable electronic devices make them an even more attractive target for hackers.

Analysts encourage users to think of their smartphones like computers and are urging them to take similar precautions.

These things are computers — they’re just small, portable computers that happen to have a phone tacked onto them,” said Marc Fossi, manager of research and development for Symantec Security Response. “You’ve got to treat them more like a computer than a phone. You have to be aware of what’s going on with these devices.”