Apple Fixes iPhone SMS Vulnerability Highlighted at Black Hat

 
 
By Brian Prince  |  Posted 2009-07-31
 
 
 

Apple has fixed the iPhone vulnerability highlighted at the Black Hat security conference yesterday. 

The update plugged a memory corruption issue in the decoding of SMS messages that could be exploited to remotely execute code on the phone. The vulnerability was put in the spotlight after a presentation by researchers Charlie Miller and Collin Mulliner. 

The two demonstrated how hackers could use the iPhone's texting capability to attack users, sending messages to victims in an attempt to compromise the phone

In a statement, Apple officials said that no one has been able to use the vulnerability to take control of the iPhone and gain access to personal information. 

"We appreciate the information provided to us about SMS vulnerabilities that affect several mobile phone platforms," a spokesman said. "This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone." 

A paper Miller and Mulliner published on the situation in June is available here.

 

 

Rocket Fuel