Apple iOS, which powers devices such as the iPhone, iPod touch and the iPad, has been found to contain vulnerabilities that might lead to data loss or may give hackers unauthorised access to confidential data in these devices.
Cyber criminals can take advantage of the flaw to infect Apple devices running iOS with PDF files, and can extract information from the device without even using a malicious software or program.
Although no attacks pertaining to the problem have been reported anywhere in the world, the existence of such vulnerabilities leave a big question mark on the security of Apple devices, which have enjoyed a reputation of being virus-free.
Apple meanwhile is yet to announce a patch to curb the vulnerabilities identified by BSI (Bundesamt für Sicherheit in der Informationstechnik), a German IT security agency BSI said that by exploiting the flaw cyber-criminals could read confidential information (passwords, online banking data, calendars, e-mail content, text or contact information). They could access built-in cameras, intercept telephone conversations and access the users’ GPS localisations.
Currently all iPhone 3G devices and devices running on iOS version 4.3.3 are at risk with the vulnerability in their operating systems.
Until a software patch is issued by Apple, BSI recommends that PDF documents from unknown or untrusted sources should not be opened on iOS devices. This applies to PDFs that are provided in the context of websites as well as to e-mails or other applications. Hyperlinks in e-mails or web pages should be opened only if they come from trusted sources.