Apple has released a patch for its iPhone operating system that patches a rather nasty bug allowing attackers to take full control of a target device via nothing more than a series of simple SMS messages.
As reported over on
V3.co.uk, the patch - which brings the iPhone software to version 3.0.1 - addresses the security hole first noticed by security researchers Charlie Miller and Collin Mulliner. The fix comes not a moment too soon, as the pair used the BlackHat conference this past weekend to formally announce the vulnerability having given Apple two weeks to acknowledge the issue with no response.
This isn't the first time that Charlie Miller has found some pretty major flaws in widely distributed software: having worked for the NSA for five years, he has made something of a name for himself as an expert in Mac security after successfully exploiting a flaw in the MacBook Air as part of the Pwn2Own contest at CanSecWest 2008 in a mere two minutes.
Although iPhone owners can now rest easy in the knowledge that this particular security flaw - which allowed full remote access to all functionality on the handset by receipt of a series of specially crafted SMS messages, only the first of which would be seen by the owner - the pair warn that similar, although as yet unexploited, bugs also exist in the message handling subsystems of the Android and Windows Mobile smartphone platforms.
With the patch now released, all iPhone owners are advised to upgrade to 3.0.1 as a matter of some urgency; while it's not thought that the flaw is being actively exploited as yet, it never hurts to be cautious. As with previous updates, 3.0.1 can be downloaded by connecting the iPhone to a system running iTunes 8.2 or newer, via the 'Check for Updates' button in the iPhone Summary screen.
Does the thought of a ne'er-do-well getting his sweaty mitts on your precious iPhone remotely give you the screaming heebie-jeebies, or are you more concerned that similar things could still yet happen to Android and Windows Mobile handsets? Share your thoughts over in
the forums.
Want to comment? Please log in.