Yesterday (August, 5th, 2010) the BSI (federal office for security in information technologies), a governmental organization in Germany issued a warning against devices with IOS on them.

Affected are:

  • Iphone with version 3.1.2 to 4.0.1
  • Ipad with version 3.2 to 3.2.1
  • Ipod Touch with version 3.1.2 to 4.0
  • possible devices with older versions as well

The problem is located in the ability to view PDF files on them. Using this hole, an attacker could run his own code on the devices. The attacker is able to evade the sandbox, which means all the data on the device are at risk, not limited to, but including: GPS location, SMS, passwords, emails and contact informations.

For the full warning have a look at the BSI(german).

Their suggestion is:

  • Do not open PDFs on your device
  • visit only trusted sites with your device
  • Do not follow links in emails or websites you do not trust.
  • If you are using Search engines like google, do not click on PDFs

These guidelines should be followed until there is an software update fixing the problem.