Apple iOS Security Flaws Put iPhones, iPads, iPods at Risk

Apple iOS Security Flaws Put iPhones, iPads, iPods at Risk
Apple iOS Security Flaws Put iPhones, iPads, iPods at Risk

Security researchers have identified two vulnerabilities in Apple's (AAPL) iOS that could potentially allow malicious attackers to gain complete control of other people's iPhones, iPads and iPods, according to an advisory by Vupen Security.

Apple, which historically has claimed its OS is more secure than Microsoft's (MSFT) Windows, is increasingly becoming a target of hackers and crackers, who don't mind taking the time to develop nefarious software to gain access to Apple's devices. In large part, this development has come since Apple's iPhone, iPod and now the iPad have gained sizable followings.

According to Vupen, the security flaws could affect people using the Mobile Safari Web browser on their iOS devices. Users could be at risk if they land on a malicious website and try to open a PDF document: The attackers can take advantage of a memory corruption error when certain data in the PDF is being processed, and move on to execute arbitrary code.

A second vulnerability comes from an error deep within the iOS, which lets hackers gain high-level privileges on a device,
commandeering it without the user's knowledge or consent.

Currently, the only reports of anyone taking advantage of these security flaws have concerned JailbreakMe, an application which uses them to help iPhone, iPad and iPod users load non-Apple-approved applications and themes on their devices. Apple says it's aware of the security issue and is currently investigating, according to a Reuters report.

Apple iPhones and iPods running iOS versions 3 through 4, as well as iPads running iOS version 3, are affected, according to Vupen.

Until Apple devises a fix for the flaws, users should take the same steps they would to avoid other viruses and hacking attacks: Never click on a link to a website in an email, or open an attachment that was emailed to you, unless you know who sent it.