According to U.K.-based network operator O2, Apple plans to distribute a patch for the iPhone's SMS security flaw as soon as this weekend. What's not clear is if the patch will be only for O2's customers or if Apple will update all iPhones. Update: iPhone OS 3.0.1 released to fix the flaw!The iPhone is sold by network operator O2 in the U.K. An O2 spokesperson recently indicated that Apple will issue a patch via iTunes on Saturday, August 1. "We always recommend our customers update their iPhone with the latest software and this is no different. We will be communicating both through the [O2] Web site and proactively." In other words, O2 will get the word out to its iPhone customers that they should probably sync with iTunes to receive the patch.
The patch will plug a hole recently revealed by security expert Charlie Miller at the Black Hat conference. The problem allows ne'er-do-wells to send a text message with a single odd character to an iPhone and then gain control over some of the iPhone's functions. Miller explained that the exploit could lead to all sorts of actions, including taking control of the iPhone's camera, text messaging feature and address book.
The problem could be fixed with a minor system software update, or blocked by the network operators that offer the iPhone. Apple hasn't commented on the matter, nor has it confirmed that the patch is coming.
It would be pretty useless for Apple to only protect the iPhones that are sold by O2. Any patch that works for O2 would presumably work for all iPhones. Keep an eye on iTunes, perhaps the patch will be available for U.S. users on Saturday, too.
This afternoon, Apple released iPhone OS 3.0.1 to all iPhone users through iTunes. The software update fixes the security flaw. It does not introduce any new features. Apple is encouraging all iPhone owners to update their software to remain protected.