Vulnerability in Apple's Mobile Operating System iOS for iPad, iPhone, iPod Touch

A German government agency reports, that Apple's mobile operating system has some serious security flaws.

Based on the findings of the BSI (Federal Office for Information Security), it is possible to install malicious programs on the iPhone, iPod Touch and iPad.

There are two critical vulnerabilities for which no patch is yet available. By just visiting a website and opening a PDF document, malicious software can infect the device. Potential attackers are able to gain administrator rights for the operating system.

Affected by the vulnerabilities are the following Apple iOS versions for the iPhone in version 3.1.2 to 4.0.1, iOS for the iPad in version 3.2 to 3.2.1 and iOS for iPod Touch version 3.1.2 to 4.0. It is possible that older versions of the iPhone OS or iOS are affected by the vulnerability.

Currently no specific attacks have been observed. Possible attack scenarios for cyber-criminals include the reading of confidential data (passwords, calendar, e-mail content, SMS, contacts), access to built-in cameras, tapping the phone and the GPS location of the user.

The agency recommends the following security measures:

It is not recommended to open PDF documents on mobile devices with the iOS. This applies to websites, e-mail and other applications.

The use of the mobile browser on the device should be restricted to trusted websites. Hyperlinks in e-mails or on Web pages should be opened only if they come from trusted sources. When using a search engine, users should not click on a PDF document.