Apple Fixes iPhone SMS Vulnerability - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Mobile & Wireless
04:00 PM
Connect Directly

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Apple on Friday patched a vulnerability in its iPhone that offered cybercriminals a way to steal data or hijack the device using a specially-crafted SMS message.

The company released iPhone OS 3.0.1 specifically to address the vulnerability, which was disclosed at the Black Hat security conference in Las Vegas on Thursday.

The update can be downloaded through iTunes.

As per responsible disclosure practices, Charlie Miller and Collin Mulliner, the security researchers who found the flaw, notified Apple of the problem in advance so the company would have time to prepare a patch.

The pair also identified a vulnerability affecting Android phones. Google said that it fixed the issue prior to the Black Hat presentation.

A poll of 94 security professionals at the Black Hat conference, conducted by security vendor nCircle, has found that more than half of respondents (56%) believe that Apple's iPhone will be the mobile phone that is most vulnerable to attack for the remainder of 2009.

For other phone platforms, speculation about future vulnerability broke down as follows: Android (14%), Blackberry (8%), Nokia OS (5%), Other (15%).

"Unfortunately, it looks like the security problems with iPhone will continue to grow until Apple makes security a higher priority," said Andrew Storms, director of information technology at nCircle, in a statement. "If there is a silver lining for iPhone users, it's that all of the security research attention it is getting could eventually turn the iPhone into one of the most secure mobile platforms."

In a statement issued to The Wall Street Journal, Apple downplayed the danger of the SMS vulnerability by noting that no one had actually lost any personal information through the exploitation of the vulnerability.

That's not entirely surprising given that the vulnerability has only been publicly known for a day, but it does underscore the fact that active exploitation of mobile phone vulnerabilities is currently a far less significant risk than that posed by PC-based malware.

Registration is now open for the leading enterprise communications event, VoiceCon. It happens in San Francisco, Nov. 2-5. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll