“It's hard to take advantage of,” says Christopher Boyd, Malware Intelligence Analyst

May 7, 2014 07:07 GMT

Following the discovery of a flaw in iOS 7 by security researcher Andreas Kurtz, the people at Malwarebytes agreed to do a brief interview with us to shed some light on the severity of the vulnerability in question. In a nutshell, it’s not as serious as the media would have you believe.

We wanted to make sure everyone was getting their facts straight and asked Malwarebytes’ malware intelligence analyst Christopher Boyd to tell us who discovered the flaw and reported it to Apple first. Boyd confirmed it was indeed Andreas Kurtz who made the original findings, and pointed us to his blog post.

With that out of the way, we wanted to know how serious the flaw was, including on a malware-type scale, and how probable it is that someone would actually go to the trouble of exploiting it and stealing a person’s data.

“It's hard to take advantage of,” said Boyd, “and you can't really rummage through someone's email attachments easily without the phone physically being in your hand.”

In other words, it’s about as serious as not setting a passcode lock on your device. Which brings us to our next question and answer:

“What can users do to protect themselves against this flaw?” Boyd responded, “Owners of Apple devices should use lockscreen passwords in case of theft, and use other secure apps until Apple has resolved the situation.”

We were quick to accuse Apple of inaction weeks after they learned about the existence of the bug, but Malwarebytes assures us that this time around there’s no reason to rush out a patch.

“Apple has said it’s looking into it and I think we need to see what it does next. As mentioned previously, the attacker needs to have your phone in their hands and if that's happened and the phone has no password then at that point you may have bigger problems than a few unencrypted attachments.”

A commenter on our original coverage of the flaw makes a great point about the device used to demonstrate the flaw being jailbroken.

Identified as pneumono on Softpedia, this person appropriately noted, “So he jailbroke the device, and accessed the filesystem. When you have root access to any device, ANY device, you can access anything stored on the filesystem. That's the point. Any device running any OS where the user has root access (or Administrator access on Windows) can access anything, including email attachments. This isn't a bug, just the fact that security is impossible locally.”

We included this comment in our interview with Malwarebytes and Boyd told us, “It's certainly a good reminder of the benefits of physical security and keeping an eye on your devices at all times!”

Apple has recently confirmed that the company “is aware of the issue and are working on a fix which will be delivered in a future software update.”