Update: Initially we thought that this exploit only effected iOS4 devices, but it turns out all iPhones, iPods touch and iPads running 3.1.2 and higher are susceptible.
The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required jailbreak solution for iOS 4 devices uses this same method to break Apple’s own security (although in a completely benign way for the user).
How it works
It just requires the user to visit a web address using Safari. The website can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
This is not the first time that something similar has happened. At the beginning of the iPhone’s life there was a problem with TIFF files that also caused the same security breach. Apple patched the bug after a while, but back then there were very few iPhones compared to the current installed base. Apple says that there are 100 million iPhones, iPods touch, and iPads in the world. Obviously, malicious hackers are racing to get a slice of that market.
How can you avoid it?
Right now, the easiest way to avoid this problem is by not going to any PDF links directly and not loading any PDF from any non-trusted source.
You can also jailbreak your iPhone and install a program that will ask for authorisation every time your browser encounters a PDF (just look for “PDF loading warner” in Cydia).
While this doesn’t solve the security problem at all, at least it will remind you every single time.
Apple hasn’t commented on the situation yet. [Macstories and Digdog]
Nicholas
Wednesday, August 4, 2010 at 7:20 AMHow do i get the anti pdf thing… oh thats right jailbreak D:
too bad i use opera :)
can i just say i did it last night and it was way to easy, it did it all for you and takes no longer then 5 mins.
I un did it though :)
matt
Wednesday, August 4, 2010 at 10:26 AMlol, again its an Apple app that is breached? because they think they are perfect and so their first party apps aren’t put in the same security sandbox as app store apps?
matt
Wednesday, August 4, 2010 at 4:48 PMI thought it was funny how its adobe pdf :)