Techs behind both Apple’s iOS and Google’s Android operating system spent the past week responding to security flaws.
Apple yesterday rolled out an update to iOS (4.0.2), which it says will fix a problem with its mobile Safari browser that allowed hackers to access iDevices through the downloading of corrupt PDF documents. The hole also allowed users to jailbreak their iPhones from the browser-based jailbreakme.com service.
Users can update their firmware to iOS 4.0.2 by connecting to iTunes on their computers.
Meanwhile, the Android operating system came under fire from a new malicious Android application that performs mobile subscription toll fraud.
The malicious application masquerades as a player for multimedia content and during installation requests permission to send text messages. When the user runs the application, it proceeds without any further notice to send text messages to Russian premium rate SMS numbers, driving up the consumer’s phone bill.
Security provider McAfee confirmed the existence of the malware but categorized the threat as low risk for both consumer and corporate users because distribution of the malware is limited.
McAfee said the malicious application isn’t a new trick, but it’s the first time to surface on the Android platform. According to McAfee, premium SMS sending and premium call dialing Trojans performing toll fraud have been detected on multiple mobile platforms since 2006 and on PCs with modems many years before that.
McAfee could not confirm that the application “is in the wild or was ever available via the Android Market application store.” The software does not self-propagate and requires that the user intentionally installs it on the device from another external source.
