Hackers expose flaw in Apple iPad, iPhone software

BOSTON (Reuters) - Hackers have disclosed a bug in software from Apple Inc that security experts said could be exploited by criminals looking to gain remote control over iPhones, iPads and iPod Touch devices.

A dedicated iPad station is seen in front of an iPhone at the Apple store in New York May 23, 2011. REUTERS/Shannon Stapleton

The security flaw in Apple’s iOS operating system came to light on Wednesday as the website released code that Apple customers can use to modify the iOS operating system through a process known as “jail breaking.”

Some Apple customers choose to jail break their devices so they can download and run applications that are not approved by Apple or use iPhone phones on networks of carriers that are not approved by Apple.

Security experts warned that criminal hackers could download that code, reverse engineer it to identify a hole in iOS security and build a piece of malicious software within a few days.

“If you are a malicious attacker, it is fairly doable,” said Patrik Runald, a senior researcher with the Internet security firm Websense.

Apple has yet to release an update to iOS that protects customers against malicious software that exploits the flaw.

Apple spokeswoman Trudy Muller said the company was aware of the problem.

“We are developing a fix that will be available to customers in an upcoming software update,” Muller said.

Apple has long been vocal against jail breaking, which if done voids the warranty on its devices.

Any security flaw in iOS software -- which runs Apple’s iPhone, iPad tablet and iPod Touch -- has the potential to affect millions of devices that are at the core of Apple’s business.

Apple has sold 25 million iPads since it launched last year. The company sold over 18 million of its popular iPhones in just the first three months of the year.

Hackers can exploit the iOS vulnerability by creating a malicious PDF document file. It would infect Apple devices when users attempt to open that document, according to Runald.

Once the device is infected, hackers could “do anything they want,” Runald said. That includes stealing passwords, documents and emails.

Comex, a 19-year-old hacker from New York State who developed the jail-breaking tool, said that Apple might be able to patch the software before criminal hackers develop software that exploits the bug.

Last time he put out a version of his jailbreaking software, Apple was able to issue a patch before anybody exploited the bug for malicious purposes.

He said that Apple might not be able to move quickly enough this time.

“It’s not that hard to reverse engineer,” he said via telephone.

Reporting by Jim Finkle, additional reporting by Poornima Gupta; Editing by Bernard Orr