Apple warned: Patch 'jailbreak'
security hole
GMANews
At the risk of being a killjoy, a
computer security firm on Thursday
urged Apple Inc. to quickly patch a
PDF vulnerability in its mobile devices
like iPads and iPhones.
Sophos senior technology consultant
Graham Cluley said it is possible
cybercriminals may set up sites
claiming to jailbreak the Apple mobile
devices, but which actually plant
malware.
“I don’t want to be a party pooper for
those who wish to jailbreak their Apple
devices, but it’ s essential that Apple
closes this vulnerability as quickly as
possible.. . before it is abused with
malicious intent," Cluley said in a blog
post .
“All eyes now turn to Apple to see how
quickly it can secure its users from
what could be a vector for iPhone/iPad
malware infection. Leaving a security
hole like this open is simply inviting
malicious hackers to exploit it," he
added.
He cited the case of JailbreakMe. com,
a site that supposedly exploits a PDF
vulnerability to unlock iPads and
iPhones so they can use apps not
authorized by Apple.
JailbreakMe. com offers a "reversible"
jailbreak for users who decide later on
to revert to the "authorized" iOS
environment.
“(But if malware makers) exploited the
same vulnerability in a copy-cat
maneuver, cybercriminals could create
booby-trapped webpages that could -
if visited by an unsuspecting iPhone,
iPod Touch or iPad owner - run code
on visiting devices," Cluley said.
Cluley indicated the JailbreakMe.com
site may even work on Apple’s
relatively new iPad 2 tablet.
“A website like JailBreakMe is making it
easy to jailbreak your iPhone or iPad -
but it could also be said to be giving a
blueprint to malicious hackers on how
to infect such devices with malware,"
he said.
On the other hand, he noted “Comex ,"
the creator of the JailBreakMe website,
may have recognized that hackers
might copy the exploit to use in the
form of an iPad or iPhone virus.
He cited a note in Comex’s site
claiming he or she merely discovered
the vulnerabilities.
“I did not create the vulnerabilities,
only discover them. Releasing an
exploit demonstrates the flaw, making
it easier for others to use it for malice,
but they have long been present and
exploitable. Although releasing a
jailbreak is certainly not the usual way
to report a vulnerability, it still has the
effect of making iOS more secure in
the long run," Comex said in his/her
site. — TJD, GMA News
security hole
GMANews
At the risk of being a killjoy, a
computer security firm on Thursday
urged Apple Inc. to quickly patch a
PDF vulnerability in its mobile devices
like iPads and iPhones.
Sophos senior technology consultant
Graham Cluley said it is possible
cybercriminals may set up sites
claiming to jailbreak the Apple mobile
devices, but which actually plant
malware.
“I don’t want to be a party pooper for
those who wish to jailbreak their Apple
devices, but it’ s essential that Apple
closes this vulnerability as quickly as
possible.. . before it is abused with
malicious intent," Cluley said in a blog
post .
“All eyes now turn to Apple to see how
quickly it can secure its users from
what could be a vector for iPhone/iPad
malware infection. Leaving a security
hole like this open is simply inviting
malicious hackers to exploit it," he
added.
He cited the case of JailbreakMe. com,
a site that supposedly exploits a PDF
vulnerability to unlock iPads and
iPhones so they can use apps not
authorized by Apple.
JailbreakMe. com offers a "reversible"
jailbreak for users who decide later on
to revert to the "authorized" iOS
environment.
“(But if malware makers) exploited the
same vulnerability in a copy-cat
maneuver, cybercriminals could create
booby-trapped webpages that could -
if visited by an unsuspecting iPhone,
iPod Touch or iPad owner - run code
on visiting devices," Cluley said.
Cluley indicated the JailbreakMe.com
site may even work on Apple’s
relatively new iPad 2 tablet.
“A website like JailBreakMe is making it
easy to jailbreak your iPhone or iPad -
but it could also be said to be giving a
blueprint to malicious hackers on how
to infect such devices with malware,"
he said.
On the other hand, he noted “Comex ,"
the creator of the JailBreakMe website,
may have recognized that hackers
might copy the exploit to use in the
form of an iPad or iPhone virus.
He cited a note in Comex’s site
claiming he or she merely discovered
the vulnerabilities.
“I did not create the vulnerabilities,
only discover them. Releasing an
exploit demonstrates the flaw, making
it easier for others to use it for malice,
but they have long been present and
exploitable. Although releasing a
jailbreak is certainly not the usual way
to report a vulnerability, it still has the
effect of making iOS more secure in
the long run," Comex said in his/her
site. — TJD, GMA News
