Thursday, July 2, 2009

Apple working to fix unreleased iPhone SMS exploit

By Neil Hughes

Published: 03:00 PM EST

Tipped off by a Mac OS X security expert, Apple is working to repair a serious security flaw in the iPhone’s operating system – one that could allow an attacker to track the phone’s location via GPS, eavesdrop on conversations via the microphone, or create a mobile botnet capable of unleashing denial of service attacks.

The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, giving an outside party root access to the phone without the owner’s knowledge. Security researcher Charles Miller, co-author of The Mac Hacker’s Handbook, announced his discovery Thursday at the SyScan Conference in Singapore, according to Computerworld.

Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Collin Mulliner for a talk entitled “Fuzzing the Phone in Your Phone,” which will show attendees how to discover vulnerabilities in a variety of smartphones.

Miller has not specifically detailed how the SMS exploit is done, citing an agreement with Apple. But he will discuss the attack at length at the Black Hat conference.

The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.

For a widely adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.

Miller said that the iPhone’s stripped-down version of OS X makes it more secure than the full-fledged operating system. And because it lacks support for Adobe Flash and Java, isolates individual applications from one another, and only allows software that has been digitally signed by Apple, it is less likely to have security flaws than a full-form computer.

AppleInsider © 1997-2008
Please review our Privacy Policy.
Written/Edited/Compiled by the AppleInsider Staff.