Apple maybe working to fix a serious security flaw on iPhone which might allow an attacker to run software code on the iPhone that is sent by SMS over a mobile operator's network.
Security researcher Charlie Miller who is an authority on MacOS X security announced this last Thursday at the SyScan Conference in Singapore. Miller is also the co-author of The Mac Hacker’s Handbook.
Miller claims that he used the flaw to remotely crash an iPhone, a
sign that a more serious attack might be possible.
He hasn't provided details on how the SMS exploit works due to an agreement with Apple. But according to him, Apple plans to release the fix for the security flaw later this month before Miller
gives his scheduled speech at the Black Hat Technical Security
Conference in Los Angeles.
Miller mentioned that though the iPhone requires iPhone apps to run in a sandbox, a security feature that isolates them from other applications and limits their access to the phone's capabilities; in case of SMS it offers a way for attackers to get greater access to the phone's capabilities making it more vulnerable to attacks.
If the information provided by Miller is accurate and Apple deems it as a critical security flaw then they might include it in iPhone OS 3.1 which has already been seeded to developers of iPhone Developer program.
Thanks Michael for the tip!
[via AppleInsider]
kinda scary will have to check my sms before i read them
well if the bad sms hits our phone do u have to open sms and that sms thread for it to activate once the phone recives the sms are u just S O L
Let me know plz
i think its B.S. they are just trying to make dose who jailbroke their iphones update to 3.1 firmware… but if its true, than thats not good at all lol
That might be right because they might do some thing to block jailbreaking and to scare us into updateing to it they have to make up something that could harm our iPhones. So I'm not gonna update till the JB comes out
I hope this doesn't have anything to do with Geohot releasing the jailbreak before 3.1 came out like The Dev Team had advised.
Naw theres no 3.1 conspiracy, they needed to come out with firmware 3.1 anyway. Theres a few minor bugs with 3.0 and they need to enable voice commands through bluetooth headsets among other things. And as long as you have your purplera1ny day file and/or your signed ibss/ibec. youll be good anyway! I wonder if there will be a security patch in cydia for this sms thing before apple releases it lol.
There's a SCAM hitting UK mobiles with an offer of 'Free SMS'
It comes from 801 60 (SCAM NO!! DON'T CALL IT !!!!!!!)
it says 6gbpmin to call ®ister, actual cost is £60per min charged as soon as you call it. If you only have £5 credit, each time you top up it's deducted until the FULL £60 is paid up
Prepay (contract) debits straight away
be aware, you have been warned
This is a really good post. If the same guy who writes this blog wrote that post himself, I give him kudos for stepping up his writing skills. Nice job, keep up the good work.
It's gonna be perfect if somebody fix these flaws, because my IPhone have it and it's impossibility that big company like Apple can't handle this problem.
yeah.. i also red a news about iphone being hacked thru sms on theapplebites.com..
if one can hack the iphone with just a simple SMS then apple should be ashamed
iPhone Video Converter for Mac is a professional Mac iPhone Video MP4 Converter, which can convert popular video formats to iPhone MP4 on Mac. http://iphone-video-converter-for-mac.mp4kits.com/