Apple on Friday afternoon released a firmware patch for the iPhone to fix a dangerous SMS security hole.
The 3.0.1 firmware update is available now through iTunes. The 300MB update is available for the iPhone, iPhone 3G and iPhone 3GS. It doesn’t appear to contain any other features or bug fixes except for the SMS patch, according to Apple’s security advisory.
As previously reported, noted security experts Charlie Miller and Collin Mulliner revealed a major security exploit in the iPhone’s SMS system on Thursday at the 2009 Black Hat Conference in Las Vegas.
The exploit takes advantage of memory hole in the SMS system, allowing hackers root access to the device. Programs could theoretically be sent to any iPhone, through multiple SMS messages if necessary, and take over all functions, including the camera, phone and microphone. The only indication of the hack would be a SMS message containing a single square character.
Miller and Mulliner reportedly chose to reveal the exploit, which is applicable to all mobile platforms including iPhone OS, Android and Windows Mobile, at Black Hat after Apple had been unresponsive in the wake of their showing it to company officials earlier in July.
Looks like Apple woke up fast. The patch was issued in about 24 hours.
UPDATE: Google also patched its Android system on Friday, and Microsoft says it is investigating, according to BusinessWeek. To be fair, Microsoft was just informed of the vulnerability, while Apple was warned weeks ago, which may explain the speed of its patch.
