Apple Releases iPhone Update To Fix SMS Hack
12:00 pm, July 31st, 2009, Leander Kahney
Apple on Friday afternoon released a firmware patch for the iPhone to fix a dangerous SMS security hole.
The 3.0.1 firmware update is available now through iTunes. The 300MB update is available for the iPhone, iPhone 3G and iPhone 3GS. It doesn’t appear to contain any other features or bug fixes except for the SMS patch, according to Apple’s security advisory.
As previously reported, noted security experts Charlie Miller and Collin Mulliner revealed a major security exploit in the iPhone’s SMS system on Thursday at the 2009 Black Hat Conference in Las Vegas.
The exploit takes advantage of memory hole in the SMS system, allowing hackers root access to the device. Programs could theoretically be sent to any iPhone, through multiple SMS messages if necessary, and take over all functions, including the camera, phone and microphone. The only indication of the hack would be a SMS message containing a single square character.
Miller and Mulliner reportedly chose to reveal the exploit, which is applicable to all mobile platforms including iPhone OS, Android and Windows Mobile, at Black Hat after Apple had been unresponsive in the wake of their showing it to company officials earlier in July.
Looks like Apple woke up fast. The patch was issued in about 24 hours.
UPDATE: Google also patched its Android system on Friday, and Microsoft says it is investigating, according to BusinessWeek. To be fair, Microsoft was just informed of the vulnerability, while Apple was warned weeks ago, which may explain the speed of its patch.
Posted by Leander Kahney in Apple, News, Software, iPhone | Comment on this article
If you enjoyed this article:
Subscribe via RSS or email, or follow us on Facebook and Twitter
The fact that the patch was out in 24hr makes me think that Apple has been working on it since they were told about the flaw, they just chose not to talk with the researchers about it.
So…good thing, they fixed it (we hope); bad thing, they still can’t grok the fact that you need to talk with the security people if you expect their help in any way.
Vox, on July 31st, 2009 at 2:47 pm