Apple fixes iPhone SMS flaw
Vulnerability in iPhone software allowed hackers to take control of the device via an SMS message, as demonstrated at Black Hat.
Apple on Friday fixed an SMS-related security flaw in the iPhone that had been at the center of one of the most talked-about exploits at this week's Black Hat security conference.
"We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms," Apple representative Tom Neumayr told CNET.
"This morning, less than 24 hours after a demonstration of this exploit," Neumayr continued, "we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."
The security flaw involved malicious SMS messages that could allow hackers to take control of an iPhone. The flaw could have let them make calls, send text messages, or almost anything they wanted on the victim's iPhone.
Security researchers Collin Mulliner and Charlie Miller showed the flaw in action at Black Hat earlier this week. Miller said the flaw could take control of the iPhone because of the way the device handled the SMS message. Researchers at Black Hat also showed how SMS-related vulnerabilities can affect Windows Mobile smartphones including those from HTC, Motorola, and Samsung.
Miller said that Apple was first notified of the flaw six weeks ago.
According to Apple, the iPhone 3.0.1 update released today improves the device's memory handling, essentially fixing the exploit.
The update is available by plugging your iPhone into your computer and clicking on the Check for Update button in iTunes.