[Infowarrior] - Apple IPhone Security Flaw Highlighted by Symantec, Germany

[Richard Forno]

Apple IPhone Security Flaw Highlighted by Symantec, Germany

By Arik Hesseldahl - Aug 4, 2010

http://www.bloomberg.com/news/print/2010-08-04/apple-iphone-security-flaw-found-by-symantec-may-lead-to-information-theft.html

Apple Inc.’s newest iPhone has a security flaw that can be exploited by users to install unwanted applications and obtain personal information, software maker Symantec Corp. and the German government said.

The vulnerability takes advantage of weaknesses in how certain documents are presented on the iPhone and Apple must take steps to correct it, Symantec said yesterday on its website. Attackers may exploit the gaps to read passwords and e- mails, eavesdrop on phone calls and use built-in cameras, Germany’s Federal Office for Information Security said today.

Symantec said the weakness can let an unauthorized user take full control of all aspects of the device, including the ability to install software not offered on Apple’s iTunes store and not approved by Apple. The iPhone was previously criticized for a design flaw in the antenna that Consumer Reports said can lead to diminished network reception.

Apple spokeswoman Natalie Harrison said the company is aware of the reports about the security vulnerability and is investigating them.

An attacker could use the vulnerability to introduce malicious software to the iPhone, Mountain View, California- based Symantec said. The vulnerability also affects the iPad and the iPod touch, according to Symantec.

“While this is the only currently known exploit for this issue and it is non-malicious, it is quite possible for an attacker to alter the existing payload for a malicious purpose,” Symantec’s director of security response Kevin Haley wrote in a blog post on the Symantec website.

Apple, based in Cupertino, California, rose 27 cents to $262.20 at 1:44 p.m. New York time in Nasdaq Stock Market trading. The shares had gained 24 percent this year before today.

To contact the reporter on this story: Arik Hesseldahl in New York at ahesseldahl at bloomberg.net