iPhone SMS Flaw Patched by Apple, Out-of-Band

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 24,884
Points 1,116,935
Joined: Sep 2007
ForumsAdministrator
News Posted: Fri, Jul 31 2009 10:33 PM
One day after security experts announced their iPhone SMS hack research at the Black Hat Security Conference, Apple released a patch to address the flaw.Experts revealed on Thursday that malformed SMS messages could be used to hijack an iPhone.

Originally, an O2 spokesperson was the first to reveal the upcoming fix, noting that the patch would be available Saturday through iTunes.
"We will be communicating to customers both through the website and proactively.

"We always recommend our customers update their iPhone with the latest software and this is no different."
Apple delivered the fix sooner than expected, however, with the new OS version, 3.0.1 becoming available by mid-day in the U.S.



Security researchers Charlie Miller and Collin Mulliner released their findings the Black Hat conference in Las Vegas on Thursday. Further reports indicate that the flaw exists in most, if not all, GSM devices based on the way they handle SMS messages.Miller and Mulliner also found a hole in the iPhone's Safari browser way back in 2007 when it was first launched.
  • | Post Points: 20
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sat, Aug 1 2009 9:10 PM

"No teen had ever stumbled across the malformed message exploit before, because it consists entirely of words that are spelled properly."

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Top 50 Contributor
Posts 2,861
Points 24,255
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Mon, Aug 3 2009 10:17 AM

3vi1:

"No teen had ever stumbled across the malformed message exploit before, because it consists entirely of words that are spelled properly."

 

:-)  cute..

 

I have read the white paper and the SMS exploit sends a bunch of unseen SMs messages followed by one with an empty box. if you get the empty box you are advised to shut your iPhone off.

 

  • | Post Points: 5
Page 1 of 1 (3 items) | RSS