Apple maybe working to fix a serious security flaw on iPhone which might allow an attacker to run software code on the iPhone that is sent by SMS over a mobile operator’s network.
Security researcher Charlie Miller who is an authority on MacOS X security announced this last Thursday at the SyScan Conference in Singapore. Miller is also the co-author of The Mac Hacker’s Handbook.
Miller claims that he used the flaw to remotely crash an iPhone, a
sign that a more serious attack might be possible.
He hasn’t provided details on how the SMS exploit works due to an agreement with Apple. But according to him, Apple plans to release the fix for the security flaw later this month before Miller
gives his scheduled speech at the Black Hat Technical Security
Conference in Los Angeles.
Miller mentioned that though the iPhone requires iPhone apps to run in a sandbox, a
security feature that isolates them from other applications and limits
their access to the phone’s capabilities; in case of SMS it offers a way for
attackers to get greater access to the phone’s capabilities making it more vulnerable to attacks.
If the information provided by Miller is accurate and Apple deems it as a critical security flaw then they might include it in iPhone OS 3.1 which has already been seeded to developers of iPhone Developer program.
Thanks Michael for the tip![via AppleInsider]