Apple has just released iPhone OS 3.0.1 to fix the SMS vulnerability which was revealed by researchers Charlie Miller and Collin Mulliner yesterday at the Black Hat conference in Las Vegas.
They had claimed that a security vulnerability in the iPhone's SMS messaging system could, in theory, allow hackers to "take over every iPhone in the world".
Apple seems to have realized that it was serious enough to release a patch to fix the SMS vulnerability.
This Knowledge Base article gives more details of the vulnerability and credits the researchers for finding the security hole:
Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.
Apple has issued the following statement on the software update:
"We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."
Please note that iPhone OS 3.0.1 breaks jailbreaking. So if you have jailbroken and/or unlocked your iPhone, we recommend that you wait for the iPhone Dev Team to release their latest tools. We will keep you posted, so stay tuned here at iPhone Hacks.
Folks, if you do not fall in the above category and are planning to update to the latest firmware, please do let us know how it goes.
Thanks Mo for the heads up.
Update:
Some folks have found that restoring their iPhone with iPhone OS 3.0.1 (7A400) and then, in redsn0w (Mac or Windows), selecting the firmware file of iPhone OS 3.0 (7A341) rather than iPhone OS 3.0.1 jailbreaks iPhone OS 3.0.1.
The tethering hack still seems to work with AT&T. We still don't know if the MMS hack works with iPhone OS 3.0.1. We will update this post as soon as we get any information.
We hear that iPhone OS 3.0.1 does not update the baseband, so you should be able to unlock your iPhone running iPhone OS 3.0.1. Please proceed with caution and at your own risk; we recommend that you wait for the Dev Team or GeoHot to release their updated tools for iPhone OS 3.0.1.
Does it also break tethering settings hack?
exactly what I intended to ask
I don't think so, as this update just fixes the sms bug and nothing else. When 3.1 comes out it will break the tethering hack.
How can I try it and roll back if it does break tethering?
i just update before i read this so i should try re jailbreaking me phone?
let me rephrase I just got done updating and stupid me didn't read this… should I try re-jailbreaking my phone?
hey the purplera1n works with 3.0.1
thanks
can anyone tell me if they used ultrasn0w on 3.0.1 and if it worked properly? or should i just wait for dev team?
Is there a guide posted somewhere on how to do the update and apply the jailbreak? Do you lose all your settings?
on 3G… mms and tethering is still working, but you will have to re-jailbreak and install your jailbroken apps… directions above for installing the 3.0.1 are on point.
your settings will be cool… just follow the above instructions under "Update" above…
note: you will need both firmwares, i.e. 3.0 and 3.0.1. Basically, run the update for 3.0.1 as normal in iTunes and then use redsnow .08 and point it to the old "3.0" firmware to get jailbreak back. All my settings and activation were fine. But note: if you use jailbroken apps that alter the springboard then deactivate them 1st… this will help to make sure everything shows as normal… apps like "categories" tend to be troublesome if not deactivated before updating…
Yes, it works on iphone 3gs and iphone 2g. I was able to unlock and activate my 2g with redsnow since it's not in a data plan, which is used by my wife, and on 3gs I tried ultrasnow to unlock it just to see whether it works or not, though it's in at&t; it's working fine like before. Just make sure to use 3.0 firmware while using redsn0w.
Tethering is completely unaffected!
F.Y.I. This post was made after update to 3.0.1 and Tethered!
Proof that it's safe to update a phone that isn't Unlocked or Jail-broken.
@ cartman i used ultrasn0w on 3.0.1 and it works flawlessly! Go for it without any worries.
Just update using itunes and your iphone supplier sim to activate it. Then use redsnow, selecting 3.0 firmware, to jailbreak. After that, REMOVE ANY SIM CARD, and unlock it using ultrasnow. When finished and restarted, pop in your 3rd party sim.
Good luck!
really? mine did not. i had to rebuild, i am going to try redsn0w next
redsn0w worked, pointed to 3.0 firmware
Thank you!
I love my iPhone. Thanks for a great blog, a lot of useful information about the new iPhone 3.0.1 OS
http://www.perceptionsystem.com/iphone-application-development.html
Nikhil