A patron navigates the wine list on an iPad at a Chicago steakhouse.
ASSOCIATED PRESS Enlarge
BERLIN — The software running Apple's iPhones, iPads and the iPod Touch has "critical weaknesses" that could be used by criminals to gain access to confidential data on the devices, Germany's IT security agency warned Wednesday.
Clicking on an infected PDF file "is sufficient to infect the mobile device with malware without the user's knowledge" on several versions of Apple's iOS operating system, the Federal Office for Information Security said.
The same could occur when opening a website that carries an infected PDF file, possibly opening the device to criminals spying on passwords, planners, photos, text messages, emails and even listen in on phone conversations.
"The weak points allow possible attackers to gain administrator rights and get access to the entire system," it said.
The problem may occur on all devices — iPhone 3GS, iPhone 4, iPad, iPad 2 and the iPod Touch — with software versions including iOS 4.3.3, and it "cannot be excluded" that other iOS versions have the same weakness, it said.
Apple Inc. has yet to offer a patch to fix the problem, the agency added.
Apple Germany spokesman Georg Albrecht told The Associated Press he was aware of the warning, adding that Apple would not comment on it.
The agency said it was in contact with the firm regarding the security hole.
No attacks taking advantage of it have been reported so far, "but it must be expected that attackers will soon exploit the weak points," it said.
The agency urges the devices' users to refrain from opening PDF files of unknown origin, be it as an email attachment or those opening through websites.
"Possible scenarios for attacks by cyber criminals include the extraction of confidential information (passwords, online banking data, calendars, e-mails, SMS or contacts), accessing the device's cameras, the user's GPS data as well as listening in on phone conversations," the statement said.
The Bonn-based institution reported a similar security hole last year, for which Apple soon afterward presented a software upgrade fixing it.