Escher Auernheimer of Goatse Security had this to say:
“I released a semantic integer overflow exploit for Safari through
Goatse Security in March– it was patched on Apple’s desktop Safari but
has yet to be patched on the iPad. This bug we crafted allows the viewer
of a webpage to become a proxy (behind corporate and government
firewalls!) for spamming, exploit payloads, password bruteforce attacks
and other undesirables. The kicker is that this attack cannot be
detected by any current IDS/IPS system. We released this in March, mind
you, and Apple still hasn’t got around to patching this on the iPad! I
know through personal experience that the patch time for an iPad
vulnerability is over two months and counting. Given that, the number of
parties which probably have active iPad exploits likely numbers in the
hundreds, if not the thousands. The iPad simply is not a safe platform
for those that require a secure environment.”

http://tinyurl.com/338uz6x

Did you like this? Share it: