$bbtitle
Apple Stock: 199.30 ( +4.96 )
RSS RSS Twitter Twitter
Search:
AppleInsider.com Archives News Bytes Reviews Anonymous Mailer Submit Story AppleInsider Forums Mac Prices Polls Advertise on AppleInsider Contact AppleInsider
Save up to $280 on new MacBook Pros and up to $150 on brand new iMacs with special coupons: Mac Pricing Guide updated Nov 9th (Find the best prices on Macs).
Thursday, July 2, 2009

Apple working to fix unreleased iPhone SMS exploit

By Neil Hughes

Published: 03:00 PM EST

Tipped off by a Mac OS X security expert, Apple is working to repair a serious security flaw in the iPhone’s operating system – one that could allow an attacker to track the phone’s location via GPS, eavesdrop on conversations via the microphone, or create a mobile bot net capable of unleashing denial of service attacks.

The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, allowing an outside party into the phone’s root access without the owner’s knowledge. Security researcher Charles Miller, co-author of The Mac Hacker’s Handbook, announced his discovery Thursday at the SyScan Conference in Singapore, according to Computerworld.

Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Colin Mulliner for a talk entitled “Fuzzing the Phone in Your Phone,” which will show attendees how to discover vulnerabilities in a variety of smartphones.

Miller has not specifically detailed how the SMS exploit is done, citing an agreement with Apple. But he will discuss the attack in length at the Black Hat conference.

The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.

For a widely-adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.

Miller said that the iPhone’s stripped-down version of OS X makes it more secure than the full-fledged operating system. And because it lacks support for Adobe Flash and Java, isolates individual applications from one another, and only allows software that has been digitally signed by Apple, it is less likely to have security flaws than a full-form computer.
Filed under : iPhone 23 Comments ] 
Story topics: Security   Print ] [ Story Link ] 


Pre-Order VMware Fusion 3
RSS
RSS
RSS
Mac Poker players can play Full Tilt Poker for Mac and get 100% to $600 free with bonus code MP600, courtesy of Online Poker Mac
AppleInsider Features
Hot Forum Topics

Recent Articles
iPhone addition predicted to boost RadioShack profits
App Store roundup: HD Radio comes to iPhone, 3G VoIP still MIA
First-known iPhone worm 'Rickrolls' jailbroken Apple handsets
Apple opens doors to France's first Apple Store
Verizon continues assault on AT&T with series of holiday ads
Apple releases syncing fix for Apple TV 3.0
Doom game creator suggests Apple embarrassed about iPhone gaming
Report: Apple to launch Verizon iPhone in Q3 2010
Apple unveils holiday shopping in-store pickup option
Apple's Broadway store to open Saturday, Nov. 14
Bizarre lawsuits connect Apple with Sarah Jessica Parker, Lil' Wayne
Apple predicted to countersue in legal battle with Nokia
Windows 7 tops Vista software sales, lags behind in hardware
Report: Apple testing RFID swipe support in iPhone prototypes
Inside Google's Android and Apple's iPhone OS as core platforms
Apple looks to hire new iPhone OS security manager
Apple investigating 'Grab & Go' simplified cross-platform sync
Apple co-founder Steve Jobs named Fortune 'CEO of the Decade'
Review roundup: Motorola Droid, Verizon's first Android handset
Apple's latest 10.6.2 beta packs fixes for VMWare, iMacs, Apple TV
Latest Snow Leopard build resurrects Atom compatibility
Bell, Telus provide new iPhone competition in Canada
'Art project' video game attacks Apple Mac machines
Hacker cracks Apple's latest iPhone 3GS security measures
The Beatles go digital with apples, but still not Apple's iTunes
Apple announces App Store offerings top 100,000
Apple launches iTunes Music Movies with exclusive content
Parallels Desktop 5 for Mac claims speed superiority
AT&T brings lawsuit against Verizon over 'Map' ad campaign
Canalys Q3 2009: iPhone, RIM taking over smartphone market
Hit-or-miss site claims 4G iPhone part; French exclusivity ends
Despite disappointing China debut, iPhone's 2010 predicted to be strong
Philadelphia's first Apple store moves closer to reality
Exclusive look at Apple's new iPod touch-based EasyPay checkout
China Unicom gains 5,000 iPhone subscribers from launch
iPhone makes enterprise market inroads for Apple
Apple pitches $30-a-month iTunes TV subscriptions - report
Apple's iPhone sees tepid sales debut in China
Apple's 2010 capital expenditures could signal major investments
Apple rumored to disable Atom support with Mac OS X 10.6.2

AppleInsider Market Place

Sell your Laptop - working or not. Free shipping.: Get an instant online quote and sell your laptop today !

Believe in Office: Save Up To 25% on Office 2004 For Mac. Visit Our Site for Details!

IBackup - SMB Online Backup: IBackup is the preferred online storage and backup service of choice for SMBs for its ease of use, security and value. Offers automated backup and restore, file selection and securiy.

Download free software - everyday updated freeware files

 
Advertisements








AppleInsider RSS Feed
AppleInsider © 1997-2008
Please review our Privacy Policy.
Written/Edited/Compiled by the AppleInsider Staff.