In a shocking revelation, Charlie Miller has reported that the iPad is crippled with the same memory addressing security vulnerability as the iPhone. It is said that a vital security feature known as “Address Space Layout Randomization (ASLR)” is missing in the operating software installed on this device. Apple products are known to use Data Execution Prevention or DEP to prevent malicious code from executing commands that can alter the system files or the operating software. ASLR is is used to allow only random memory addressing to store commands in different memory locations. Hence, the lack of ASLR feature weakens the defenses of DEP by allowing easy access to hackers, letting them run malicious scripts on existing commands within applications. Thus, it opens up new insecure portals for remote access, making the device vulnerable to external attacks.
Aaron Portnoy, a researcher at the security vulnerability tracking firm Tipping Point, has said, “It’s inevitable that someone will do it in the very near future. But there’s not a huge push to hack it. In terms of exploitation, it’s just not that different from the iPhone.”
It is a known fact that Apple holds a very small market share mainly limited to the US region. So, it is unlikely that there would be a mass scale attack on Apple’s products. Although, one cannot deny the fact that a seasoned hacker could exploit any vulnerability in the software to steal critical information or data.
Aaron Portney says that it is not possible to actually compromise the iPad with a slew of attacks, using Weinmann and Lazzo’s exploits in the current scenario. He adds that the software might just need “some tweaking” for better security. “The build of Safari is slightly different,” he says. “You’d just have to port it to a different version of the software, which would take some debugging.”