New iPad bug is exposed

After AT&T called a group of security experts “malicious” hackers for exposing an iPad security flaw, the group took the telecom giant — and Apple — to task for failing to fix another iPad bug.

Goatse Security, which drew attention to an iPad security breach last week, said there is a separate issue with Apple’s Safari Web browser that leaves iPad users vulnerable to further hacking attempts.

Escher Auernheimer, a member of Goatse, said Apple plugged the hole in the desktop version of its browser but has yet to make the same patch for the mobile version of Safari.

A hacker could exploit the browser weakness to launch an iPad takeover and wreak havoc, including spamming, stealing passwords and a host of other problems, Auernheimer said in a blog posting on Goatse’s site.

Goatse uncovered the vulnerability in March, and Apple still hasn’t fixed the problem, he said. Considering the lag time, other hackers have had ample time to exploit the same weakness — or discover new ones.

“Given that, the number of parties which probably have active iPad exploits likely numbers in the hundreds, if not the thousands,” Auernheimer wrote. “The iPad simply is not a safe platform for those that require a secure environment.”

Apple has not responded to repeated requests for comment since Goatse disclosed the first iPad breach last week.

The group said it discovered a flaw on AT&T’s Web site that allowed it to gain access to data for 114,000 iPad owners.