iPhone, iPod Touches and iPad user the next time you’re going to open a PDF attachment, make sure you know where that file attachment came from.
It has been revealed that there is a vulnerability in iOS version 3.1.2 and above in which opening a PDF file from an unknown source can render your device exposed to attacks from hackers. The exploit allows hackers to take over controls of your device and do just about anything you can with it. Hackers with access to your device via this exploit can delete files, transmit files, install programs running on the background that can monitor your actions, basically, your iPhone is the hacker’s oyster.
This exploit is evident in legit iOS versions, so if your device is not jailbroken, you are vulnerable to attacks. All the user needs to do it open Safari, download the affected PDF file in which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret code inside the font to gain complete control of your device.
This is not the first time such an exploit had been discovered by hackers. Earlier generation iPhone could be hacked using a similar vulnerability when opening TIFF files using the iPhone. Just likethe PDF exploit, the TIFF vulnerability allows hackers to take over the compromised iPhone. This was fixed with a patch in a OS update.
At this moment, prevention is your best bet. So if you’re going to open PDFs on your iPhone make sure you know what you’re opening and you got it from a trusted source. If you’re running a jailbroken iPhone, then head on over to Cydia and look for the “PDF loading warner” app. The app will warn you everytime you are about to open a PDF file.
[source]
[picture credit]
