📜 ⬆️ ⬇️

Gap in the iOS 4 PDF engine

Gap in iOS 4
Now, if you visit a webpage and download a simple PDF file, you can give the attacker full access to your iPhone, iPod touch or iPad. The security breach affects all iOS 4 and iPad devices.

Vulnerability is easy to use. By the way, the latter, the easiest way of jailbreaking , which does not require a computer, uses the same method for breaking the protection of Apple (but in a mode that is not dangerous for the user).

How it works?

A user just needs to visit a certain page using Safari. A page can automatically load a simple PDF document that contains a font that hides a special program. When your iOS device tries to display a PDF file, that font causes stack overflow — a technical condition that allows the secret code inside the font to take full control of the device.

As a result, without any user intervention, this program can do whatever it wants in your iPhone, iPod touch or iPad. Everything that you can imagine: delete files, transfer files, install background programs to track your actions ... everything can be done.
This is not the first time. At the beginning of the life of the iPhone, there was a problem with TIFF files, which was a similar security breach. Apple soon fixed the vulnerability, but before there were very few iPhones compared to today's number. Apple claims that over a hundred million iPhones, iPod touchs and iPads are now sold worldwide. Obviously, hackers are trying to gain access to such a large market for devices.

How can this be avoided?

At the moment, the easiest way to avoid this problem is not to follow any PDF links directly and not download PDF files from untrusted sources. Here the author could have made a mistake without saying that other web pages could also harm your iPhone.

You can also “jailbreak” your iPhone and install a program that will ask for permissions every time your browser encounters PDF (look for “PDF loading warner” in Cydia ).

PDF loading warner

Although it does not solve the security problem, at least the program will warn you about the danger.
Apple has not yet commented on the situation.

Source: https://habr.com/ru/post/100899/

All Articles