Topic: Security flaw in Apple iPhones gives hackers control

[Simon]

The same flaw used to jailbreak Apple's iPhone and iPad could allow hackers to enslave the mobile devices, according to security firms.

The PDF flaw affects Apple's iOS, which also runs the iPod Touch, and could allow hackers to take complete control of a vulnerable device.

“Two vulnerabilities have been identified in Apple iOS for iPhone, iPad and iPod, which could be exploited by remote attackers to take complete control of a vulnerable device,” said McAfee's David Marcus on the company's blog.

“The first issue is caused by a memory corruption error when processing Compact Font Format (CFF) data within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page using Mobile Safari," he said.

“The second vulnerability is caused by an error in the kernel, which could allow attackers to gain elevated privileges and bypass sandbox restrictions.”

According to McAfee's Marcus, these flaws were the same ones used by Jailbreakme to remotely jailbreak Apple devices.

More: http://www.pcpro.co.uk/news/security/360031/security-flaw-in-apple-iphones-gives-hackers-control

[sam]

interesting, but easily avoidable with user education.

[Simon]

But who's going to educate them? 

[sam]

if you jailbrake your phone then you really should know.

[Simon]

True, but I was considering jailbreaking mine, and I wouldn't  have known, had I not read that.  I guess you know you're taking a risk, though.

[Rik]

The trouble is that, nowadays, the threats are everywhere and, the moment you step outside the manufacturer's closed environment, you are on your own.

[Simon]

But if the phones can be hacked in the first place, then surely, even the manufacturers closed environment isn't secure?

[Rik]

True enough.