New iOS security fix update on the horizon
Next week sees the iPad 3 press event taking place in San Francisco and if history repeats itself we may see the iOS 5.1 update as well. But before then a loophole has been found in the operating system, which may be of concern for some users, even though there is a new iOS security fix on the horizon.
According to an article over on The Verge a worrying security flaw has been found in iOS that allows third-party developers to gain access to user’s photo and video location data on the iPhone, iPod Touch, and iPad. It seems that when an application requests photo location data on your device, it will then be able to get images and video stored on the device without any further notification.
An unnamed developer managed to create a fake application that would replicate the offending functionality, and the developer in question could easily get hold of location information along with images and video stored on the device being used for the test.
Another developer David E. Chen of Curio mentioned that users images and video could quite easily be uploaded to a server, and once this has been done Apple has almost “no ability to monitor or limit its use”. John Casasanta who developed Camera+ said that it was strange that Apple were “asking for location permission”, but what was really happening that users entire library’s were being accessed.
It is also being claimed that the security flaw may have been present since the release of iOS 4 back in 2010. But the problem may not be around for much longer as sources are claiming a fix is already on route to the software. Apple is apparently already aware of the problem and a security fix will be available with the next iOS release.
The same sources also confirmed that photos and videos being sent to a third-party is an error instead of an intended feature. This latest fix will probably coincide with another patch that is needed to stop apps uploading users address book information without warning. Previously the Path application was found to be downloading user’s device contact information to the company’s own servers, and it has been found that the Path app is not the only one doing such things.
Does this latest security issue worry you?