The iPad could have more security flaws than the one found on AT&T's web site last week. In a posting Monday, hacker site Goatse Security said "all iPads are vulnerable" because of a weakness in Apple's Safari browser. The notice was in response to an e-mail sent to iPad owners this weekend by AT&T, in which the carrier apologized but blamed the incident on "malicious" hackers.
According to Goatse, a user could click a malicious link in the browser and the security hole could allow unauthorized access to the iPad. The site said Safari does not block off high-numbered, illegitimate ports, or communication channels. This, in combination with the browser's ability to automatically fulfill software requests, could spell trouble. Apple hasn't released a fix or a statement.
The posting about Safari's vulnerability was a retort to AT&T's apology. Goatse brought attention last week to a vulnerability in the carrier's web site that allowed the acquisition of more than 100,000 iPad users' SIM card ID numbers and e-mail addresses.
In its e-mail sent Sunday, Dorothy Attwood, AT&T's senior vice president and chief privacy officer, called Goatse's hack "malicious" and the result of "great effort." She added that "unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster." AT&T said it turned off the web-site feature that made the security breach possible.
Some observers have said AT&T should not be storing confidential information on a publicly accessible web site. The list of e-mail addresses included many high-profile individuals, including staff members in the U.S. Senate and House of Representatives, and employees at the Justice Department, NASA, Department of Homeland Security, The New York Times, Dow Jones, Viacom, Time Warner, and News Corp.
Goatse countered AT&T's e-mail by noting that the breach took only an...
Posted: 2010-06-14 12:18:03
