iOS 7 Will Immunize iPhones From Bogus Charger Attacks

Apple has patched an obscure vulnerability in its iOS operating system that could have allowed a malicious hacker to install malware on an iPad or iPhone via a bogus USB charger.

Discovered by researchers at the Georgia Institute of Technology, the vulnerability can be exploited only by a custom-built USB charger outfitted with a tiny Linux computer. But it can be exploited quickly — in under 60 seconds.

“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers explain in their Black Hat security conference presentation summary. “All users are affected, as our approach requires neither a jailbroken device nor user interaction. … attackers can hide their software in the same way Apple hides its own built-in applications.”

Potentially nasty stuff. But Apple has already developed a fix that will bolster iOS’s defenses against it. It has programmed the operating system to ask users if they trust the computer to which they’re connecting their device. A simple and effective fix for a nascent exploit that could have evolved into a real threat, given enough time.