Friday, July 3, 2009

Apple patching nasty iPhone SMS vulnerability

Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light.

Read the full story by by Darren Murph at engadget.

According to Miller, the attack "exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service)," but due to a prearranged agreement with Apple to keep the details out of the press, he refused to say more. In fairness, we're glad that he's passing the evidence onto Apple for it to mend up the problem before it becomes something more serious. For those unfamiliar with the name, Charlie Miller is a renowned expert on Mac OS X security, so while he's credited with finding the gap, he's certainly a "good guy" in all of this.

The only details Miller had were as follows: "The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet."

Read the full story by at

No comments: