Vulnerability in Safari Browser Exposes Details of iPad 3G Owners
AT&T acknowledged in the second week of June 2010 that many iPad 3G owners had fallen victim to an information leakage attack. The information was pilfered and exposed by a security group called Goatse Security. The same group has now highlighted one more security loophole in the iPad.
The group discloses that vulnerabilities in the Safari browser are responsible for the targeted attacks on iPads. The exploit takes advantage of an integer overflow that gives access to proxy connections on banned ports. This helps in performing all types of malicious activities, such as malware and spam deliveries to locally connected machines.
Escher Auernheimer, Security Researcher at Goatse Security, states that the vulnerability in the Safari browser, which came to prominence in March 2010, has not yet been fixed on the iPad, as reported by Daily Tech on June 15, 2010.
The security experts reveal that the vulnerability in the browser was fixed in the desktop version. This has left people wondering why, three months after the vulnerability disclosure, it has not been fixed for iPad users.
Escher Auernheimer further states that the vulnerability could be blended with the ICC-ID data to successfully accomplish the attack. Free querying of the AT&T website results in the gathering of ICC-IDs, which helps in determining the location of iPad owners.
Talking about the Safari exploit, Goatse Security has claimed that a single hour of labor led to the breach of security protocols. As the security holes are still open, there is tremendous pressure on both AT&T and Apple to resolve the situation as soon as possible.
Meanwhile, Goatse Security has said that AT&T and Apple are showing indifference towards the publication of the vulnerability in the Safari browser. Replying to the accusation, the company has openly admitted that the potential of this type of attack and the number of iPad users (stewards of commercial and public infrastructure) necessitated the public disclosure of the vulnerability. People have the right to understand the nature and scope of the vulnerability immediately.
The security experts have stated that if Apple and AT&T fail to release the patch quickly, the iPad could evolve into a preferred tool for attacking corporate networks.
» SPAMfighter News - 23-06-2010