BOSTON (Reuters) - A newly discovered vulnerability in the software that runs Apple Inc’s iPad and iPhone could allow hackers to enslave the popular mobile devices, three security firms said on Tuesday.
The flaw affects Apple’s iOS, which also runs the iPod touch, and could allow hackers to take complete control of a vulnerable device, according to Symantec Corp as well as privately held Lookout and Vupen.
Apple spokeswoman Natalie Harrison said the company was aware of the report and is investigating.
The vulnerability in Apple’s iOS is the latest in a series of security bugs identified in mobile devices over the past week. Security experts at a hacking conference last week pointed out several vulnerabilities in Google Inc’s operating system for mobile phones and tablet PCs.
Mobile devices have become increasingly vulnerable to attack because the software that runs them has gotten far more complex over the past few year, giving the devices many of the same capabilities as personal computers.
“We shouldn’t be surprised to see security bugs happen in very complex software,” said Kevin Mahaffey, chief technology officer for mobile security firm Lookout.
Attackers would need to trick a user into visiting a website planted with a tainted PDF document before infecting an iPad tablet or iPhone smartphone.
Mahaffey said that he is not aware of any incidents in which criminals have exploited the bug to gain control of an Apple device, but said the electronics maker has yet to offer a remedy to protect against such attacks.
“Everybody — both good and bad — knows how it works,” he said.
Reporting by Jim Finkle; editing by Andre Grenon and Robert MacMillan