Home ยป Content

Apple patching Serious SMS Vulnerability on iPhone

Posted July 3rd, 2009 by Shawn
Computerworld

The flaw could allow an attacker to remotely install and run unsigned software code.

Apple Inc. is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone.

The attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn't provide a detailed description of the SMS vulnerability, citing an agreement with Apple.

The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. The malicious code could include commands to monitor the location of the phone using GPS technology, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial-of-service attack or a botnet, Miller said

Apple expects to have a fix ready later this month, before Miller discusses the attack in greater detail during a planned presentation at the Black Hat USA conference in Las Vegas.

Click here to read more on "Apple patching Serious SMS Vulnerability on iPhone"

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <div>
  • Lines and paragraphs break automatically.
  • Each email address will be obfuscated in a human readble fashion or (if JavaScript is enabled) replaced with a spamproof clickable link.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.