Apple readies patch for iPhone SMS flaw
Published: 03 Jul 2009 08:36 BST
Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday.
An attacker could exploit a weakness in the way iPhones handle SMS (short message service) messages to do things such as use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.
Miller said that under an agreement with Apple, he was barred from providing too much detail on the vulnerability. He plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.
Despite the SMS hole, which "could be a critical vulnerability", the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone does not support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.
Apple representatives did not immediately respond to an email request for comment.
Credit: Apple fixing iPhone SMS security hole from CNET News
Did you find this article useful?
7 out of 7 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
