Friday, July 3, 2009

Apple Patching Serious iPhone Vulnerability

Well, you knew that the iPhone 3.0 software introduced some interesting new features, but while developers were cranking out compass code, they overlooked a flaw that could allow an attacker to remotely run malicious code on your device, granting them root access.

The flaw is within how the software handles SMS (Short Message System) text messages. A security researcher was able to remotely crash an iPhone via specially crafted SMS messages, and that usually means that other attacks, such as installing their own software, creating denial of service conditions, or spreading additional malicious code are possible.

Look for Apple to patch this one quickly, given the fact that details of the vulnerability are rapidly becoming public. The normal result is an uptick in activity among malcode writers who look to begin exploiting the vulnerability.

Once Apple issues the fix, make sure you update your iPhone's software immediately, as the bad guys who haven't figured out the flaw will reverse-engineer the fix in order to build and scatter exploits in the wild.


No comments:

Post a Comment

Please tell me what you think.