Andre Yoskowitz
15 Jun 2010 17:13
Last week, AT&T confirmed that 114,067 iPad 3G owners had their email information leaked to the Web, with the data being stolen and exposed by a group called Goatse Security.
AT&T went as far as to call Goatse "malicious hackers" who attacked AT&T's servers, and the group is now under investigation by the FBI.
Today, the same group has exposed another security hole in the iPad, using the same ICC-IDs given out by using a script on the AT&T Website and determining the locations of iPad owners.
Additionally, the group says an unpatched Safari browser exploit will allow for targeted attacks on iPads. The exploit, reads DailyTech, "uses an integer overflow exploit, which gives access to proxy connections over banned ports, allowing all sorts of ill purposes including spewing spam and malware deliveries to locally networked machines."
Says Goatse of the new Safari exploit: "The potential for this sort of attack and the number of iPad users on the list we saw who were stewards of major public and commercial infrastructure necessitated our public disclosure. People in critical positions have a right to completely understand the scope of vulnerability immediately. Not days or weeks or months after potential intrusion."