Skip to main content

iPhone, iPad users: Watch out for malicious PDF files

For the time being, Apple mobile users shouldn't download or view PDF files on their devices.
For the time being, Apple mobile users shouldn't download or view PDF files on their devices.
STORY HIGHLIGHTS
  • Some versions of Apple iOS are vulnerable to malicious code contained in PDF files
  • Apple says it's working on a fix, but it's not known how long it will take
  • Right now, the only way to secure your iPhone, iPad or iPod Touch may be to jailbreak it
RELATED TOPICS

Editor's note: Amy Gahran writes about mobile tech for CNN.com. She is a San Francisco Bay Area writer and media consultant whose blog, Contentious.com, explores how people communicate in the online age.

(CNN) -- Although so far, Android devices pose the greatest risk of mobile malware, no mobile platform is immune to this problem -- not even Apple's iPhone, iPad and iPod Touch.

Recently, ReadWriteWeb reported that the German government issued a warning: Some versions of the Apple iOS mobile operating system are vulnerable to malicious code contained in PDF files.

This means that Apple mobile users who download PDF files currently risk letting cybercriminals access their confidential information, intercept phone conversations or take over other aspects of their device. There is no evidence yet that cybercriminals have done this, but it could happen easily.

Apple says it's working on a fix, but according to The Wall Street Journal, the company is not saying how long the vulnerability has existed, or when exactly this fix will arrive.

In the meantime, Apple mobile users should refrain from downloading and viewing PDF files on their devices.

This mobile security hole uses vulnerabilities in PDFs -- short for Portable Document Format, an open standard for digital documents -- that date back to 2007.

Gizmodo notes: "Does this scenario sound familiar? It should, as variants of this browser-based exploit have been around since 2007. In iPhone OS 1.1.1, it was a Tiff rendering vulnerability; and in iPhone OS 2.0, it was a PDF file that caused all the problems. This PDF hole reared its ugly head again in iOS 4. Each time, Apple patched the exploit and everyone calmed down."

MacNewsWorld reports that this iOS security hole was discovered by a team of hackers called Comex that also offers tools for "jailbreaking" iPhones. (This means undoing the locks that Apple has put in place to prevent its mobile users from downloading or installing software that doesn't come through iTunes or the App Store.)

Apparently, until Apple releases its fix, the only way to secure your iPhone, iPad or iPod Touch against this threat is to jailbreak it.

Gizmodo suggests first using Jailbreakme to jailbreak your device. This tool is delivered via a PDF file that actually uses the security exploit to install software that allows you to jailbreak your Apple device. Then, to close this exploit, download PDF Patch. After that, you can un-jailbreak your device if you like.

Of course, jailbreaking your Apple device can open mobile users to a wide array of additional security risks.

One main reason for Apple's famed "walled garden" is to protect mobile users from malicious or otherwise problematic software that can put their data or devices at risk. And, for the most part, the virtual absence of iOS malware (until now) demonstrates the value of this approach -- especially for less tech-savvy mobile users who aren't quick to spot mobile security threats.

The opinions expressed in this post are solely those of Amy Gahran.

[TECH: NEWSPULSE]

Most popular Tech stories right now