Friday, July 31, 2009

Apple Fixes iPhone OS SMS Security Flaw and Exploit

The SMS security flaw and exploit in the iPhone OS had been at the center of one of the most talked about exploits at this week's Black Hat Technical Security: USA 2009. The security flaw and exploit involved malicious SMS messages that could allow hackers to take control of any GSM phone. The flaw could have let them make calls, send text messages, or almost anything they wanted on the victim's GSM phone.

Security researchers Collin Mulliner and Charlie Miller showed the flaw in action at Black Hat earlier this week. Miller said the flaw could take control of the iPhone because of the way the device handled the SMS message. Researchers at Black Hat also showed how SMS vulnerabilities can affect Windows Mobile smartphones and Symbian phones including those from Nokia, Sony Ericsson, Motorola, Samsung, HTC, and others.

According to Apple, the iPhone OS 3.0.1 update released today improves the device's memory handling, essentially fixing the exploit and the iPhone OS 3.1 Beta 3 released to developers several days ago also improves the device's memory handling, essentially fixing the exploit.

No comments: