updated 11:12 pm EDT, Wed July 31, 2013
Already in iOS 7 beta; hack demonstrated earlier today
Apple says it has already fixed an obscure security flaw that could have allowed hackers to access data on an iOS device through the use of a specially-designed custom USB device that looks like a charger but in fact contains a tiny Linux-powered computer designed to insert malware. The fix is already present in the most recent iOS 7 beta and will be incorporated into the OS when it is released to the public this fall, the company says, and involves notifying users whenever they connect to another computer, even through the power adapter.
A demonstration of the hack, known as Mactans, was given at the annual Black Hat security conference on Wednesday. The fake "power adapter" actually contained a tiny Beagleboard computer (approximate cost $45) which can be programmed to transmit malware into the iPhone through the Lightning connector. It successfully infected an iPhone 5 running iOS 6 with a bit of malware that programmed the phone to dial the number of one of the researchers behind the hack.
An Apple spokesman thanked the researchers for making the company aware of the problem prior to releasing the information publicly, allowing the company to develop a way to prevent future use of the attack. Fortunately for Apple, the vast majority of its iOS userbase upgrades to the latest version almost as soon as it is available; when iOS 6 was released, some 80 percent of the userbase was already on it by the end of the first week of availability. The fix will probably be added to updates of iOS 6 as well as a security precaution at some point.