Apple devices such as the iPhone and iPad can be hacked through a flaw in the way iOS 4 deals with PDF files. The bug can be exploited when a user visits a web address using Safari: the browser can automatically load a PDF file containing malicious code, hidden within a font, causing a stack overflow when the file is displayed. Apple has yet to release a patch for the issue, but has kindly advised users not to download PDF files from untrusted sources, and to try to avoid visiting any PDF links directly.

Paul Vlissidis, technical director at independent IT assurance specialist NCC Group, commented on the newly discovered vulnerability in the iPhone and iPad: “This type of vulnerability is consistent with what has been seen with new technologies. There is always a delay from when they are introduced until new vulnerabilities emerge. This particular weakness is related to how PDF files are handled, which can then lead to malicious files infecting the device.

“Given the speed with which these types of issue are picked up by miscreants, it is important for vendors to issue patches or workarounds quickly and make it easy for users to apply these patches. Users also need to take responsibility for their own security settings and respond to security alerts by the vendors. As smartphones become increasingly popular in the market place, more vulnerabilities such as this will come to light, as hacking capabilities become progressively more sophisticated.”

Another day, another vulnerability…