Apple says it has patch for remote hack attack

August 9, 2010 By Byron Acohido, USA Today

Apple is quietly wrestling with a security conundrum. How the company handles it could dictate the pace at which cybercriminals accelerate attacks on iPhones and iPads.

is hustling to issue a patch for a milestone security flaw that makes it possible to remotely hack - or jailbreak - iOS, the operating system for iPhones, iPads and iPod Touch.

The patch is completed, Apple spokeswoman Natalie Kerris said in an interview. But Kerris said on Friday that she was not able to give a time frame for its public release.

Jailbreaking refers to hacking iOS to download Web apps not approved by Apple. This used to be difficult. This spring, a website came along called that made it trivial to jailbreak your own iPhone or . Last week, a technique for remote jailbreaking appeared on the site. It's now possible to access the operating system of an iPhone or iPad owned by someone else.

An attacker would get "fairly complete control of affected devices," says Michael Price, an operations manager for McAfee Labs. No such attacks are known to have happened yet, he says.

For the moment, the most visible concern for Apple has been pranksters going into Apple and Best Buy retail stores and jailbreaking display models, according to tech blog Engadget. Yet, the security and privacy issues are serious.

Security experts expect the pattern that has come to dominate the PC world to begin to permeate smartphones. Bad guys continually flush out new security flaws in PCs, then tap into them to launch malicious attacks. Good guys, meanwhile, scramble to patch and block.

Now, cybercriminals are rapidly adapting PC hacking techniques to all smartphone platforms, including Symbian, Google Android, Windows Mobile, and Apple iOS.

"It's a brand new game with new rules," says Dror Shalev, chief technology officer of DroidSecurity, which supplies protection for Google Android phones. "We're seeing rapid growth in threats as a side effect of the mobile Web app revolution."

IPhones, in particular, have become a pop culture icon in the U.S., and now the iPad has grabbed the spotlight. "The more popular these devices become, the more likely they are to get the attention of attackers," says Joshua Talbot, intelligence manager at Symantec Security Response.

Apple's problem is singular. The company has made a big deal about hiding technical details of iOS, allowing only approved Web apps to tie in. This tight control initially made it easier to keep iOS secure. But now Apple may have to share iOS coding with anti-virus firms, says Sorin Mustaca, development manager for anti-virus firm Avira.

Windows, , Nokia and RIM share such coding to help anti-virus firms develop protections. "Apple does not allow this, making it challenging for anti-virus vendors to create third-party protection for iPhones and iPads," Mustaca says.

Pressure is building. Mikko Hyponnen, senior researcher at anti-virus firm F-Secure, says hackers are likely working on a worm to take control of jailbroken iPads and iPhones. "My guess is we'll see it within a week," Hyponnen says. "There's very little users can do to protect themselves beforehand."

Apple is aware of the threat, but not saying much publicly. "We'll do everything we can to make sure this is not an issue for our customers," Kerris says.

Apple must coordinate patching with some 15 phone companies worldwide, says John Hering, CEO of mobile security firm Lookout. And iPad and users likely will have to manually install the patch via iTunes. "We're in a cat-and-mouse game with openness and security at odds, and consumers stuck right in the middle," Hering says.

Explore further: Germany warns of Apple security problem

Related Stories

Germany warns of Apple security problem

August 4, 2010

(AP) -- Several versions of Apple's iPhone, iPad, and iPod Touch have potentially serious security problems, a German government agency said in an official warning Wednesday.

How Secure are iPhone and Android Apps

April 1, 2010

( -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine how an iPhone ...

Recommended for you

When words, structured data are placed on single canvas

October 22, 2017

If "ugh" is your favorite word to describe entering, amending and correcting data on the rows and columns on spreadsheets you are not alone. Coda, a new name in the document business, feels it's time for a change. This is ...

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Aug 09, 2010
Jailbreaking refers to hacking iOS to download Web apps not approved by Apple.

No. It's to download /native/ apps, not /web/ apps. You don't download web apps, you just visit them via a web browser, and web apps do NOT need to be approved by Apple (and aren't). ONLY native apps need Approval from Apple (unless you've rooted or jailbroken your phone).

says hackers are likely working on a worm to take control of jailbroken iPads and iPhones.

Not if the iPhone was jailbroken with, as part of that hack is to close the very security vulnerability that allowed it in the first place. Of course, running a jailbroken phone means you put more of your phone's security in your own hands and have to be smarter about what you choose to install. In that regard, jailbroken phones /could/ have a higher likelihood of becoming infected (depending on the security practices of each, individual phone's user).
5 / 5 (1) Aug 09, 2010
"Security and openness at odds"... I enjoy several Apple products, but I'm always disappointed to see this kind of talk. Security through obscurity NEVER works.

There's a lot to be said for open source, in addition to being able to take control over your own phone (rooting, jailbreaking, etc.) CSharpner's spot on about this.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.