Apple Fixes iPhone SMS Vulnerability - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
7/31/2009
04:00 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Apple on Friday patched a vulnerability in its iPhone that offered cybercriminals a way to steal data or hijack the device using a specially-crafted SMS message.

The company released iPhone OS 3.0.1 specifically to address the vulnerability, which was disclosed at the Black Hat security conference in Las Vegas on Thursday.

The update can be downloaded through iTunes.

As per responsible disclosure practices, Charlie Miller and Collin Mulliner, the security researchers who found the flaw, notified Apple of the problem in advance so the company would have time to prepare a patch.

The pair also identified a vulnerability affecting Android phones. Google said that it fixed the issue prior to the Black Hat presentation.

A poll of 94 security professionals at the Black Hat conference, conducted by security vendor nCircle, has found that more than half of respondents (56%) believe that Apple's iPhone will be the mobile phone that is most vulnerable to attack for the remainder of 2009.

For other phone platforms, speculation about future vulnerability broke down as follows: Android (14%), Blackberry (8%), Nokia OS (5%), Other (15%).

"Unfortunately, it looks like the security problems with iPhone will continue to grow until Apple makes security a higher priority," said Andrew Storms, director of information technology at nCircle, in a statement. "If there is a silver lining for iPhone users, it's that all of the security research attention it is getting could eventually turn the iPhone into one of the most secure mobile platforms."

In a statement issued to The Wall Street Journal, Apple downplayed the danger of the SMS vulnerability by noting that no one had actually lost any personal information through the exploitation of the vulnerability.

That's not entirely surprising given that the vulnerability has only been publicly known for a day, but it does underscore the fact that active exploitation of mobile phone vulnerabilities is currently a far less significant risk than that posed by PC-based malware.

Registration is now open for the leading enterprise communications event, VoiceCon. It happens in San Francisco, Nov. 2-5. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll