A German government agency discovered the weakness this week, saying the flaws could allow criminals to steal confidential data off the devices by tricking owners into opening an infected PDF file.
Internet-connected mobile devices are still subject to fewer attacks than personal computer, but they could eventually prove a juicy target for hackers because they are warehouses of confidential banking, e-mail, calendar, contact and other data.
"These things are computers - they're just small, portable computers that happen to have a phone tacked onto them," said Marc Fossi, manager of research and development for Symantec Security Response. "You've got to treat them more like a computer than a phone. You have to be aware of what's going on with these devices."
Apple says it will fix the problem in an upcoming software upgrade, but there's no word on when it will be available.
The Associated Press contributed to this report.