Germany's Federal Office for Information Security warned last week about a vulnerability in the way Apple's iOS devices such as the iPad, iPhone and iPod Touch deal with PDF files.
If a user clicks on an infected PDF, a hacker could access a user's confidential information including passwords, email and bank data.
The German agency recommended that iPhone users not open unknown PDF files, whether they are received via email or website links. It also advised users to view and link only to trusted websites.
Apple responded that it is working on a solution. "Apple takes security very seriously," a company spokeswoman said. "We're aware of this reported issue and developing a fix that will be available to customers in an upcoming software update."
Bugs and fixes such as this have happened before and are likely to happen again.
Earlier this year, for example, a hacker proved he could break into an iPhone 4 after clicking on a booby-trapped website; this is business as usual in the world of cybersecurity.
Although the PDF wrinkle appears to be new, "you'll always have fraud and security breaches," noted Paul Schaus, president of CCG Catalyst Consulting Group.
"You can't build the perfect security wall. As soon as you think it's perfect, people will break a hole in it."
What banks can do is monitor client patterns across all their channels and send notifications about anything out of the ordinary.
They can also alert customers to new security issues so that they avoid clicking on PDFs and websites from unknown sources.
But more onerous measures are tricky.
"You can't shut the client off from a channel they want access to," Schaus said. "It's a Catch-22."
